Medical Devices: Individual Liability and MDR Reporting

United States v. Olympus Medical Systems Corp. and Yabe
Plea Agreements, No. 2:18-cr-00727 (D.N.J. filed Dec. 10, 2018)

This set of plea agreements initiated from a company’s failure to file adverse event reports with FDA. Although often viewed as “paperwork” violations, this case signifies the substantial risks companies and individuals can face for failing to meet these reporting requirements. FDA requires medical device manufacturers to submit Medical Device Reports (MDRs) under 21 C.F.R. Part 803 for an event when they “become aware of that reasonably suggests that one of their marketed devices:

(i) May have caused or contributed to a death or serious injury, or
(ii) Has malfunctioned and that the device or a similar device marketed by the manufacturer [or importer] would be likely to cause or contribute to a death or serious injury if the malfunction were to recur.”

On December 10, 2018, Olympus Medical Systems Corporation agreed to plead guilty to three misdemeanor counts of introducing misbranded duodenoscopes into interstate commerce.

A failure to submit an MDR renders a medical device “misbranded,” and the FDC Act prohibits the introduction of a misbranded medical device into interstate commerce. On December 10, 2018, Olympus Medical Systems Corporation agreed to plead guilty to three misdemeanor counts of introducing misbranded duodenoscopes into interstate commerce. Duodenoscopes are flexible, lighted tubes that are threaded through the body into the top of the small intestine (duodenum) and allow doctors to see potential problems in the pancreas and bile ducts. Because duodenoscopes are reusable devices, they must be reprocessed (cleaned) after each use to ensure that tissue or fluid from one patient is not transferred when used on a subsequent patient.

The plea agreement describes how Olympus received information requiring submission of an initial or supplemental MDR. Under the plea, the company is required to undertake certain compliance measures specific to MDR processes, akin to those contained in

FDA civil consent decrees:
• Retain an independent MDR expert to inspect and review the company’s policies and procedures;
• Have the MDR expert conduct periodic reviews of the company’s continued compliance with MDR requirements;
• Report to FDA and DOJ periodically for 3 years; and
• Require the President and Board of Directors to periodically review MDR compliance measures and provide certifications to FDA and DOJ regarding those reviews.

The global settlement committed all of DOJ, including the U.S. Attorney’s Offices throughout the country, not to
prosecute the company for the same conduct. Hisao Yabe, the former Division Manager for the Quality Assurance and Environment Division, agreed to plead guilty to one count for the same conduct. He stipulated that he was aware of the obligation to file and supplement MDRs, and that he failed to make such submissions even when required. Interestingly, the stipulation notes that he considered whether to submit a supplemental MDR in 2013 but did not file it until 2015. In reviewing the underlying Information, it appears Yabe was in the process of evaluating whether the information it received in 2013 required reporting (e.g., whether the methodology and conclusions of the information were appropriate), and agreed that if a supplemental MDR was required, the company should file it. It is unclear, however, why the company waited until 2015 and what ultimately motivated the filing decision at that time.

In addition to the mandatory compliance measures, the company agreed to pay an $80 million criminal fine (which was 2.5 times the profit earned from the duodenoscopes sold during the time period), and a $5 million forfeiture. Yabe faces up to a year in prison and a $100,000 fine; he will be sentenced in March 2019.

Medical Devices: Unapproved and Off-Label Marketing

United States v. ev3, Inc.

Plea Agreement, No. 1:18-cv-10461 (D. Mass. filed Dec. 7, 2018)

Medical device manufacturer ev3, Inc. agreed to plead guilty for what appears to be the same conduct raised in an earlier False Claims Act (FCA) case filed against it in the District of Massachusetts. That case ultimately was dismissed by the U.S. Court of Appeals for the First Circuit. In upholding dismissal of the FCA case against ev3, the First Circuit agreed that the government’s inaction in response to the allegations against ev3 evinced that the alleged conduct was not material to the government’s reimbursement decisions, a critical element of the FCA. ev3’s criminal plea here, however,
exemplifies the government’s ability to use different statutory enforcement tools to approach the same or similar conduct by a company. The original FCA action against ev3 involved a qui tam whistleblower who alleged the company was liable under the FCA for misrepresentations it made to FDA when
seeking approval of the Onyx artificial liquid embolization device. According to the relator, during the approval process for Onyx, ev3 agreed to a very narrow indication for Onyx, and also represented that it would provide significant training to physicians on the proper on-label use of Onyx.

Indeed, the approved product labeling
restricted its use to “physicians with neurointerventional
training and a thorough knowledge of the pathology to be treated, angiographic techniques, and super-selective
embolization.” Nevertheless, according to the relator, the company marketed Onyx for off-label uses, provided off-label product training to physicians, and sold the device to physicians who had little or no training. The relator claimed that ev3, when seeking approval to market Onyx, “disclaimed” marketing the device for other uses, “overstated” the training the company would provide to physicians, and “omitted” important safety information about the product. ev3 allegedly also concealed safety issues with the Onyx product from FDA. The relator argued that if FDA had known ev3 had no intention to restrict its marketing to the on-label indication, or adequately train physicians, and if FDA had known about safety issues with the Onyx product, the Agency would not have approved the product (i.e., that the company had fraudulently induced FDA to approve the device).

The First Circuit resoundingly rejected the relator’s theories: “The FDA’s failure actually to withdraw its approval of Onyx in the face of [relator]’s allegations precludes [the relator] from resting his claims on a contention that the FDA’s approval was fraudulently obtained.” In the absence of such official agency action by FDA, the court held that it was impossible to determine that FDA would not have approved the Onyx device without the alleged fraudulent representations. The court also concluded that the relator could not demonstrate materiality where CMS had continued to reimburse for Onyx, stating that “[t]he fact that CMS has not denied reimbursement for Onyx in the wake of [the relator]’s allegations casts serious doubt on the materiality of the fraudulent representations that [the relator] allege[d].”

ev3 pleaded guilty to misdemeanor violations of the FDC Act for conduct that echoed allegations previously dismissed in an earlier FCA case against the company.

ev3’s criminal plea, however, demonstrates that thegovernment did take serious issue with ev3’s marketing of its Onyx product, although not necessarily because it evinced the alleged fraud posited by the relator in his FCA claim. The criminal information does not explicitly discuss the company’s communications with FDA during the approval process for the device but does refer to post- marketing statements by FDA that made clear the company needed additional data to support an expanded indication for Onyx – statements that the company apparently disregarded. Thus, the pleading seems to
describe a straightforward off-label promotion violation rather than any “fraudulent inducement” of FDA approval
in the first instance The ev3 case serves as an excellent reminder that successful defense of FCA claims does not necessarily put an end to underlying statutory or regulatory violations. The government may choose an enforcement tool better suited to penalizing, for example, off-label marketing or misleading statements to the FDA.

False Claims Act: Materiality

United States ex rel. Ruckh v. Salus Rehabilitation, LLC
304 F. Supp. 3d 1258 (M.D. Fla. 2018)

This case reaffirms the Supreme Court’s materiality standard for False Claims Act (FCA) liability set forth in Universal Health Services, Inc. v. United States ex rel. Escobar, 136 S. Ct. 1989 (2016). Judge Steven Merryday of the Middle District of Florida dismissed a $350 million judgment against the defendants, who are owners and operators of specialized nursing facilities, noting that a claim under the FCA cannot be based on a “minor or unsubstantial” or “garden variety” regulatory violation. In dismissing the judgment, Judge Merryday explained that allowing FCA liability to stem from regulatory violations would result in a system of “government traps, zaps, and zingers” that permits the government to retain the benefit of a “substantially conforming” good or service, and to recover under the FCA damages (up to treble times) due to immaterial regulatory non-compliance.

The Ruckh case adds more fodder to the circuit split on whether inaction by FDA or continued reimbursement by CMS, despite knowledge of regulatory violations, can foreclose an FCA case.

The FCA permits the recouping of damages and civil penalties for false claims submitted to the federal government. An implied false certification theory of FCA liability exists where private parties seek government reimbursement for a good or service when it is implied that compliance with a statutory, regulatory, or contractual provision is contingent on payment, but such compliance is not met. In 2016, the Supreme Court explained in Escobar that the non-compliance must be “material” to the government’s decision to pay the claim, and the Court posited that the government’s decision to continue to pay for a good or service despite knowledge of non-compliance can be evidence of a lack of materiality.

In Ruckh, the relator alleged the nursing facilities violated Medicaid regulations, which rendered fraudulent its claims to the Medicaid program. The alleged non-compliances involved a failure to maintain a comprehensive care plan and a failure to keep proper records of services. After trial, the judgments against defendants totaled $350 million. In its opinion, the court found compelling the entire absence of evidence of how the government behaved in comparable circumstances. Given the lack of evidence, the court concluded that the jurors returned “an unwarranted, unjustified, unconscionable, and probably unconstitutional forfeiture – times three – sufficient in proportion and irrationality to deter any prudent business from providing services and products to a government armed with the untethered and hair-trigger artillery of a False Claims Act invoked by a heavily invested relator.” Absent this evidence, the court held that this FCA case could not stand – even after a jury trial and judgment. The court, like many since Escobar, agreed that Escobar requires that the relator prove “both that the non-compliance was material to the government’s payment decision and that the defendant knew at the moment the defendant sought payment that the non-compliance was material to the government’s payment decision.”

The Ruckh case adds more fodder to the circuit split on whether inaction by FDA or continued reimbursement by CMS, despite knowledge of regulatory violations, can foreclose an FCA case. Drug and device manufacturers facing FCA allegations based on regulatory violations could challenge the materiality of the alleged false compliance “certification” if FDA or CMS declines to respond to earlier knowledge of the alleged non- compliance.

Dietary Supplements: Enforcement Priority

United States v. 48,877 bags of Kratom Powder
Complaint, No. 4:18-cv-02981 (D.S.C. filed Nov. 5, 2018)

Anecdotally, and by way of FDA public pronouncements, the government is getting far more serious about enforcement actions against dietary supplement companies for violations of the Dietary Supplement Good Manufacturing Regulations, 21 C.F.R. Part 111, and about the distribution of dietary supplements that FDA considers to be adulterated because there is not “reasonable assurance” that new dietary ingredients in those products do not “present a significant or unreasonable risk of illness or injury.” The forfeiture case cited above dealt with large quantities of bulk powder and finished tablets containing kratom. The government’s complaint, filed in early November 2018, alleges serious concerns regarding the health impacts of kratom consumption and its potential for abuse. The complaint further alleges that the kratom products are dietary supplements and dietary ingredients within the meaning of the Federal Food, Drug, and Cosmetic Act (FD&C Act) and are adulterated under 21 U.S.C. § 342(f)(1)(B) because kratom is a new dietary ingredient for which there is inadequate information to provide reasonable assurance that it does not present a significant or unreasonable risk of illness or injury. The complaint is based on the status of kratom alone, not on manufacturing or listing deficiencies. This may represent a pivot in FDA enforcement relating to kratom: a company that performed a recall of kratom products in June 2018 for salmonella contamination (the recall notice is still posted on FDA’s website) continues to sell kratom products, according to its website, and prior FDA Warning Letters (as recently as September 2018) have warned kratom marketers not to make drug claims. But the seizure of kratom products simply because they contain
kratom, without the assurance of safety discussed above, may be the vanguard of future, similar enforcement actions.

The federal crusade against kratom began much earlier. In February 2014, the FDA issued an import alert that directs U.S. officials to detain imported dietary supplements and bulk dietary ingredients that are, or contain, kratom without physical examination (an import alert is easily imposed by FDA without a requirement for judicial authorization). In January 2016, the FDA administratively detained another kratom product under the FD&C Act, as amended by the Food Safety Modernization Act (FSMA). While an import alert is obviously aimed at blocking products at the U.S. border if FDA considers them to be violative, under its administrative detention authority (which can be exercised on any products in the United States), the FDA can detain a food or dietary supplement product if the agency has reason to believe the product is adulterated or misbranded. The product administratively detained in January 2016 was also the subject of a court-ordered seizure.

In December, FDA officials pledged more vigorous enforcement against allegedly noncompliant dietary supplements.

In addition to the kratom enforcement measures, our firm has noticed an uptick in threats of injunction actions against dietary supplement manufacturers or importers, even when the products do not have defects other than being handled under what FDA considers to be less than strict compliance with regulations. At the December 2018 Enforcement and Litigation Conference held by the Food and Drug Law Institute, FDA officials pledged more vigorous enforcement against allegedly noncompliant dietary supplements. Dietary supplement importers, manufacturers, and distributors would be well advised to carefully follow the CGMP regulations described above, to seek help from legal professionals or other qualified consultants, to justify their positions that incoming materials and finished products cannot be identified through scientifically valid tests, and to document thoroughly that new dietary ingredients do not present a significant or unreasonable risk of illness or injury. In addition, such entities should carefully consider whether submission of a new dietary ingredient notification is required.

False Claims Act: Government Price Reporting

United States ex rel. Streck v. Allergan, Inc.
No. 17-1014 (3d Cir. Aug. 16, 2018)

The Third Circuit Streck decision added to the body of law establishing that not every alleged error gives rise to a viable Federal False Claims Act (“FCA”) claim. The Third Circuit’s decision brought some measure of closure for some defendants based on allegations first lodged a decade ago regarding complex Medicaid Average Manufacturer Price (“AMP”) reporting obligations. The relator alleged that defendants, the so-called (“Service Fee Defendants”), had violated the FCA because they had improperly conflated service fees owed by manufacturers to wholesalers with so-called “price appreciation credits” resulting in improperly low and allegedly false AMPs.

As Streck reinforces, the FCA is not an all-purpose tool for policing every alleged price reporting error. Rather, it requires a “knowing” violation, the absence of which can defeat an FCA claim, even if the defendant made a reasonable mistake.

Many years after the time period relevant in this appeal, the Centers for Medicare and Medicaid Services (“CMS”) did provide some guidance on this issue. In the preamble to a 2016 regulation, CMS expressed its view that price appreciation credits amount to a price adjustment that should be recognized in AMP. 81 Fed. Reg. 5170, 5228 (Feb. 1, 2016).

Streck sought to impose FCA liability for conduct pre- dating such guidance. The defendants, without conceding any regulatory error argued that regardless ofthe correct regulatory treatment, the plaintiff failed to plead facts sufficient to make it plausible that the defendants had acted with the intent necessary to commit an FCA violation. While “knowingly” under the FCA encompasses both deliberate ignorance of and reckless disregard for the truth or falsity of the information, it does not reach a reasonable interpretation, even if erroneous.

For purposes of the appeal, the Third Circuit assumed that the Service Fee Defendants’ alleged interpretation was wrong and proceeded on that assumption. The Third Circuit applied the analytical framework used by the D.C. Circuit in United States ex rel. Purcell v. MWI

Corp., 807 F.3d 281, 287-88 (D.C. Cir. 2015). The three- part Purcell test asks: (1) whether the relevant statute was ambiguous; (2) whether the defendant’s interpretation was objectively reasonable; and (3) whether the defendant was “warned away” from that interpretation “by available administrative and judicial guidance.” With respect to the last item, it is noteworthy that Purcell, citing to the Supreme Court’s 2007 decision in Safeco Insurance Co. of America v. Burr, made it clear that such guidance must be “authoritative guidance” because “[i]n Safeco Insurance, the Supreme Court explained that informal guidance . . . is not enough to warn a regulated defendant away from an otherwise reasonable interpretation.” Purcell, 807 F.3d at 289-90.

The FCA violations alleged by the relator took place between 2004 and 2012. The Third Circuit found that, during that period, the available CMS guidance on calculating AMP in general “failed to articulate a coherent position on AMP and, specifically, price- appreciation credits.” Opinion at 14, United States ex

rel. Streck v. Allergan, Inc., 17-1014 (3d Cir. 2018). Under those circumstances, the court found that the relator had failed to plead that the defendants were “warned away” from their interpretation that price appreciation credits were excluded from AMP. Based on the Purcell framework, the Third Circuit agreed with the district court that the manufacturers’ alleged failure to include price appreciation credits as a price adjustment in calculating AMP could not sustain an FCA claim, because even if their interpretation was incorrect, it was not unreasonable.

As the Streck decision reinforces, the FCA is not an all- purpose tool for policing every alleged price reporting error. Rather, it requires a “knowing” violation, the absence of which can defeat an FCA claim, even if the defendant made a reasonable mistake.

FTC: Data Security

LabMD, Inc. v. Federal Trade Comm’n
No. 16-16270 (11th Cir. June 6, 2018)

The LabMD case, decided by the Eleventh Circuit in June
2018, affects the FTC’s authority to police data security practices, including health data security practices. In
LabMD, the court struck down an FTC cease and desist order based on LabMD’s allegedly negligent data security
practices. The court held that the requirements of the FTC order were insufficiently specific with respect to what would constitute a “reasonably designed” information security program, and conspicuously declined to address whether the FTC has authority to prosecute negligent data securit practices where tangible injury is lacking. The FTC filed an administrative complaint against LabMD inAugust 2013, accusing the company of failing to maintain reasonable data security measures. Issuance of the complaint followed a lengthy investigation by Commission staff into data security practices at LabMD, begun after Tiversa Holding Company (“Tiversa”) informed the FTC that it had obtained a LabMD file containing 9,300 patients’ personal and health information. A LabMD employee had inadvertently shared the file through a peer-to-peer data file-
sharing network called LimeWire. Four FTC Commissioners voted unanimously to file the complaint against LabMD. See
FTC Press Release: FTC Files Complaint Against LabMD for Failing to Protect Consumers’ Privacy.
During the administrative proceedings that followed, it came out that Tiversa — the entity that informed on LabMD to the FTC – had regularly engaged in the practice of “monetiz[ing]” documents it downloaded from peer-to-peer networks by
“using those documents to sell data security remediation services to the affected business, including by representing to the affected business that the business’ information had ‘spread’ across the Internet . . . when such was not necessarily the case . . .” See ALJ’s Initial Decision at 9, In re LabMd, Inc., No. 9357 (FTC filed Nov. 13, 2015). Tiversa reported its discovery of the LabMD file to the FTC in retaliation for LabMD’s failure to purchase Tiversa’s security
remediation services and inflated the scope of “spread” of the LabMD file. Id. at 9-10.

On November 13, 2015, Administrative Law Judge (“ALJ”) D. Michael Chappell issued an Initial Decision dismissing the FTC’s complaint against LabMD, in part because the FTC did not adequately prove that LabMD’s “unreasonable” data security practices caused, or were likely to cause, substantial injury to consumers. Intangible emotional harm was not cognizable as a substantial injury under the FTC Act.

The FTC staff appealed the ALJ’s ruling to the full Commission, and on January 29, 2016, the Commission reversed the ALJ, holding that that LabMD’s lax security practices did constitute an “unfair act or practice within the meaning of Section 5 of the FTC Act.” Op. of the Comm’n at 1, In re LabMd, Inc., No. 9357 (FTC filed Jan. 29, 2016). The Commission issued a cease and desist order against LabMD, when LabMD appealed to the Eleventh Circuit.

The Eleventh Circuit struck down an FTC cease and desist order based on negligent health data security practices.

In its appeal, LabMD argued that the FTC erred in finding that the company’s security practices “cause or are likely to cause substantial injury” as required to deem an act “unfair” under the FTC Act, because the only injury that could have possibly occurred was intangible and even conjectural and could only have incurred in the past. LabMD further argued that a finding of “unfairness” necessitates a showing that goes beyond negligence. Rather, the act in question must be “deceptive or reckless.” Finally, LabMD argued that the FTC’s order was impermissibly vague because it did not specify how LabMD should meet the requirement to establish a “reasonably designed” information security

The Eleventh Circuit vacated the FTC’s cease and order based on LabMD’s last argument: The order was not enforceable because it, and the accompanying FTC complaint, were impermissibly vague. The court held that a lack of specific prohibitions would put a future court in the position of weighing the opinions of various experts about what is and is not “reasonable” in terms of an information security program, “and that this micromanaging is beyond the scope of court oversight contemplated by injunction law.”

The court’s ruling will likely result in the FTC pursuing more specific data security measures in administrative orders
and injunctions going forward. However, the fact that the
Eleventh Circuit did not conclusively address the FTC’s
authority over negligent information security practices
could also provide some protection to companies facing
FTC action, especially where tangible injury is lacking. At the very least, despite the increasing focus on privacy and
data security, this decision will force the Commission to be more circumspect about the details behind future data security-related complaints.

Medical Devices: Wire Fraud

United States v. Holmes and Balwani

Indictment, No. 5:18-cr-00258 (N.D. Cal. filed June 14, 2018)

The indictments of Theranos founder and CEO, Elizabeth Holmes, and COO, Ramesh “Sunny” Balwani on wire fraud charges are yet another example of the mounting legal ramifications stemming from an alleged multi- million-dollar scheme to defraud investors, doctors, and patients based, in part, on misrepresentations about whether the product needed premarket approval from FDA. To date, Holmes has settled a civil investigation by the Securities and Exchange Commission regarding fraud charges that Holmes deceived investors. The company similarly settled a civil lawsuit filed by a number of investors with similar fraud allegations.

The indictment alleges that Holmes and Balwani used statements to the press and on the company’s website to encourage the use of its blood testing laboratory services, despite knowing that the product had problems with accuracy and reliability.

According to the indictment that was unsealed on June 15, 2018, Theranos pursued the development of proprietary technology that could run clinical tests using only tiny drops of blood instead of the vials typically used for traditional analysis. Around 2013, Theranos began to publicize its technological advances, touting the many advantages of its technology over conventional blood testing, such as a shorter time for test results, minimized risk of human error, increased accuracy, and decreased cost. The indictment alleged that Holmes and Balwani used statements to the press and on the company’s website to encourage the use of its blood testing laboratory services, despite knowing that the product had problems with accuracy and reliability.

The government further alleged that Holmes and
Balwani represented to investors that Theranos did not
need FDA approval but was seeking approval
voluntarily, despite knowing as early as 2013 that FDA
required premarket approval. Under the FDC Act,
medical device manufacturers are required to obtain
FDA clearance or approval of products before
introducing them into interstate commerce. There is no
“voluntary” approval process, and the company’s
communications with FDA allegedly put the company on
notice that FDA required approval before marketing.
The indictment charged each defendant with two counts
of conspiracy to commit wire fraud, in violation of 18
U.S.C. § 1349, and nine counts of wire fraud, in violation
of 18 U.S.C. § 1343. If convicted, the defendants face a
maximum sentence of twenty (20) years in prison, and a
fine of $250,000, plus restitution, for each count of wire
fraud and for each conspiracy count.

Controlled Substances: Healthcare Employee Diversion and Civil Liability

Effingham Health System (S.D. Ga. 2018)

University of Michigan Health System (E.D. Mich. 2018)

Civil Penalty Settlements

A stark reality of the opioid abuse epidemic is the diversion and abuse attributed to healthcare professionals. Two recent civil penalty settlements highlight not only the public health consequences of such diversion but also the financial penalty to hospitals and other healthcare facilities that fail to monitor and account for controlled substances.
The federal Controlled Substances Act (“CSA”) and regulations promulgated by the Drug Enforcement Administration (“DEA”) establish a closed chain of
distribution intended to secure the drug supply and prevent diversion and abuse of legitimate controlled substances. This is accomplished through registration, recordkeeping and reporting, and security requirements intended to fully account for controlled substances throughout the supply chain. Hospitals and other registrants are required to maintain effective controls and procedures to guard against controlled substance theft and diversion. See, e.g., 21 U.S.C. § 823(g); 21 C.F.R. § 1301.71(a). DEA registrants must obtain a registration for each location handling controlled substances. Registrants are also subject to stringent recordkeeping requirements to account for all controlled substances received, stored and dispensed, 21 U.S.C. §§ 827 and 828, as well as reporting requirements that include notifying DEA of thefts or significant losses in writing within one business day of discovery. 21 C.F.R. § 1301.76(b). The federal CSA also provides for significant civil penalties for failing to comply with these regulatory requirements.
In 2018, two hospitals agreed to the largest civil settlements to date related to recordkeeping and reporting violations under the federal CSA. On May 16, 2018, Georgia’s Effingham Health System (“EHS”) agreed to pay $4.1 million in civil penalties and three months later the University of Michigan Health System (“UMHS”) agreed to pay $4.3 million. In both cases, diversion by healthcare employees were at the center of the alleged violations, with dire consequences. Moreover, the failure to maintain appropriate recordkeeping and reporting procedures contributed to the diversion and abuse. DEA began investigating EHS after learning that “tens of thousands of oxycodone 30 mg tablets” were unaccounted for and believed to have been diverted by healthcare employees over four years. See DOJ, Press Release, Southern District Of Georgia Announces Largest Hospital Drug Diversion Civil Penalty Settlement in U.S. History (May 16, 2018).

DEA’s investigation revealed that EHS had failed to maintain appropriate recordkeeping procedures to detect the diversion and concluded that EHS failed to report the suspected diversion. EHS “overhauled its pharmacy operations” to prevent future diversion by conducting quarterly internal accountability audits and maintaining detailed records. Id.

Hospitals and other healthcare facilities are facing millions of dollars in civil penalties for failing to maintain adequate systems to prevent diversion and abuse by healthcare employees.

DEA’s investigation of UMHS, a large public, not-for-profit, tax-exempt teaching hospital with off-site ambulatorylocations began after it was reported that a nurse and an anesthesiology resident overdosed on opioids, including fentanyl. DEA’s investigation revealed that UMHS distributed controlled substances to 15 state-licensed ambulatory care locations that had not been registered with DEA. Also, UMHS committed “significant” recordkeeping violations, including failure to maintain complete and accurate transaction records and failure to notify DEA of the thefts. See DOJ, Press Release, Eastern District of Michigan Announces Record-Setting Hospital Drug Diversion Civil Penalty Settlement with the University of Michigan Health System (Aug. 30, 2018). DEA determined that UMHS’ recordkeeping deficiencies “negatively impacted” its ability to guard against theft and diversion. Id. UMHS employees allegedly diverted 16,000 hydrocodone dosages between May 2011 and January 2012 and registered nurses diverted controlled substances for months or years, even replacing fentanyl with saline for administration to patients. These investigations and settlements underscore that healthcare professionals, even those with state licenses and training, are contributing to the opioid abuse epidemic. Hospitals must ensure that policies and procedures address these risks and ensure complete accountability for controlled substances. Systems to maintain complete and accurate records, conduct frequent accountability audits and reconcile discrepancies are critical to reduce employee diversion. Hospitals and other healthcare entities may need to go beyond current inventory requirements and conduct more periodic accountability audits to protect against these risks

FTC: Citizen Petition Process

Federal Trade Comm’n v. Shire ViroPharma, Inc.
No. 17-cv-00131 (D. Del. Mar. 20, 2018)

A ruling by the District Court for the District of Delaware
dismissing a case brought by the Federal Trade Commission
(FTC) for anti-competitive use of the Food and Drug
Administration’s (FDA’s) citizen petition process could
broadly impact the FTC’s authority to litigate cases in federal
court. The FTC’s primary statutory mechanisms for seeking injunctive and other relief from entities and individuals it believes have violated the FTC Act are:
1. Section 5(b) of the FTC Act, which authorizes the FTC to file an administrative complaint seeking an administrative cease and desist order, and
2. Section 13(b) of the Act, which authorizes the FTC to bring suit in federal court seeking injunctive relief. Both routes offer distinct benefits and downsides from the FTC’s perspective, and it is often unclear why the FTC uses one route in any given case. In 2017, the FTC sued Shire for anti-competitive use of the FDA’s citizen petition process to delay generic competition. According to the complaint, a company that Shire had since purchased, ViroPharma, exploited FDA’s petition process with more than forty-six regulatory and court filings.
ViroPharma’s petitions, regulatory submissions, and
litigation against FDA were ultimately unsuccessful on the
merits. Notwithstanding, FTC’s complaint alleged that
“ViroPharma’s campaign…succeeded in delaying generic
entry at a cost of hundreds of millions of dollars to patients
and other purchasers.” Complaint at 2.
In March 2018, the district court granted Shire’s motion to
dismiss the FTC’s complaint, holding that the FTC had failed
to plead the facts necessary to invoke its authority to sue for
permanent injunction in federal court (FTC Act § 13(b) (15
U.S.C. § 53(b))) because it did not allege an ongoing or
imminent violation of the FTC Act.

The final sentence of section 53(b) – “Provided further, That in proper cases the Commission may seek, and after proper proof, the court may issue, a permanent injunction” – has historically been viewed as a separate grant of authority for the FTC to litigate its case against a company or individual in federal court, regardless of whether the requirements in sections 53(b)(1) and (2) are satisfied. In
dismissing the case, the district court rejected this view. Instead, the court accepted Shire’s argument that the statutory language authorizes FTC to “bring suit” only upon satisfying the conditions of (b)(1), and after which it “may seek” certain types of relief, including either preliminary or permanent injunctive relief. Thus, to seek permanent injunctive relief in federal court, the FTC must have already satisfied the requirements for bringing suit by alleging that the defendant “is violating or is about to violate” a law enforced by the FTC.

If the district court’s statutory interpretation is accepted more broadly, it would significantly limit a statutory mechanism that the FTC has used extensively to seek injunctive and other relief in both antitrust and consumer protection actions since the 1980s.

The court further rejected the FTC’s alternative argument that “is about to violate” should be read as equivalent to the general standard for awarding injunctive relief – i.e., that the violation is likely to recur. The court ruled that the FTC must adequately allege an ongoing, or imminent future violation, and it had not done so with respect to ViroPharma. If the district court’s statutory interpretation is accepted more broadly, it would significantly limit a statutory mechanism that the FTC has used extensively to seek injunctive and other relief in both antitrust and consumer protection actions since the 1980s. It would prevent the FTC from bringing suit in federal court for past violations of the FTC Act and other laws enforced by the FTC, and from seeking damages and restitution for such violations (let alone permanent injunctions) unless it can also allege an imminent future violation. With respect to past violations, the FTC would be required to first engage in administrative litigation pursuant to FTC Act § 5(b) 15 U.S.C. § 45(b).

DSQA: Outsourcing Facilities

United States v. Cantrell Drug Co. (E.D. Ark. 2018)
United States v. Delta Pharma, Inc. (N.D. Miss. 2018)
Consent Decrees

Outsourcing facilities are a new breed of drug “manufacturers”: compounders that voluntarily register with the United States Food and Drug Administration (FDA), and may compound drug products for “office stock” without a prescription for an individually identified patient. See Federal Food, Drug, and Cosmetic Act (FD&C Act) § 503B et seq. Outsourcing facilities are entitled to certain important exemptions from the FD&C Act, such as new drugs, adequate directions for use, and product tracing requirements, so long as they lawfully compound drug products in accordance with Section 503B, including adhering to FDA’s current good manufacturing practice regulations (cGMP). Since the passage of the Drug Quality and Security Act (DQSA) in November 2013, which established outsourcing facilities, well over 100 entities have voluntarily registered with FDA to become outsourcing facilities – and over 40 have already deregistered. As reflected in the FDA observations and
Warning Letters received by outsourcing facilities, the substantial majority of them have experienced difficulties transitioning from entities regulated as pharmacies to drug facilities held to FDA’s cGMP regulations. Five outsourcing facilities have been the subject of enforcement actions by the Department of Justice and FDA as well.

Since enactment of the DQSA in November 2013, over 100 facilities have voluntarily registered to become outsourcing facilities – and of those facilities over 40 have de-registered.

Two of those enforcement actions occurred during 2018. The Department of Justice filed Complaints for Permanent Injunction and entered into Consent Decrees of Permanent Injunction involving two facilities, Cantrell Drug Company in Arkansas, and Delta Pharma, Inc., in Mississippi. In addition to naming the two companies, the decrees (as is typical of consent decrees involving drug manufacturing) also name as defendants individuals responsible for product quality at each of the organizations. Both Complaints for Permanent Injunction allege that the entities are subject to the FD&C Act’s provisions that deem drugs adulterated if they are “prepared, packed, or
held under insanitary conditions whereby [they] may have been
contaminated with filth, or whereby it may have been rendered
injurious to health,” pursuant to 21 U.S.C. § 351(a)(2)(A).
Both Complaints address the entire FDA inspection history of
the entities, stating that these aseptic compounders on
repeated occasions and over the course of multiple inspections
were observed to have deviated from FDA’s cGMPs.

While consent decrees are nothing novel in the drug manufacturing world, consent decrees against outsourcing facilities, of which there are only around 75 such facilities, and which have only existed under the current statutory scheme for six years, demonstrate FDA’s vigilance in ensuring that these new entities must consistently comply over time with FDA’s drug manufacturing cGMP and insanitary conditions requirements. Even more interestingly, notwithstanding very recent enactment of the DQSA, the consent decrees against both Cantrell and Delta Pharma address conduct that FDA observed at the facilities (as then-compounding pharmacies) prior to the enactment of the DQSA – as far back as 2004. Thus, in considering taking enforcement action, FDA and DOJ considered conduct that FDA observed at the entities well prior to the existence of the current regulatory and statutory scheme for outsourcing facilities, and repeated inspection observations concerning aseptic practices over a period of several years. The detailed provisions of both decrees are similar to the three earlier consent decrees DOJ negotiated against outsourcing facilities (such as Isomeric Pharmacy Solutions and Medistat in 2017; and Downing Labs in 2016). Like the three prior decrees, the 2018 Consent Decrees require the entities to cease compounding operations. In order to resume compounding operations, the decrees broadly require that defendants ensure that the facilities, methods, and controls used to manufacture, hold, and distribute drugs are established, operated and administered in conformance with the terms of the decrees and the FD&C Act, and are adequate to prevent adulteration of drug products produced at the facility. Importantly, the decrees (which are identical in most material respects) require that the facilities retain an expert to conduct a thorough cGMP audit (and a review of all prior FDA observations) to determine whether the entity is in compliance with cGMP, and to recommend corrective actions. The expert must certify in writing that the facility has complied with the compliance requirements set forth in the decree. In addition, each facility must destroy all in-process and finished drugs except as needed for validation studies (and which will not be distributed). If, after the initial audit process is completed and FDA permits the facility to reopen, then the facility must continue to engage in frequent independent audits (that are reported to FDA) as set forth in the decree for the 5-year duration of the decree. Notwithstanding stringent and long-lasting requirements set forth in the Consent Decrees for both Delta Pharma and Cantrell Drug, Cantrell announced in late September 2018 that it was resuming aseptic compounding operations. Of the five facilities that have been the subject of a consent decree since the enactment of the DQSA in 2013, Cantrell Drug is the only entity that has managed to meet FDA’s requirements and resume production.

Opioid Stewardship Act

Healthcare Distribution Alliance v. Zucker
Opinion and Order, No. 1:18-cv-06168 (S.D.N.Y. Dec. 19, 2018)

On December 19, 2018, the United States District Court for the Southern District of New York handed down an early holiday present for every manufacturer and distributor that sells opioids in New York State. The court rendered unconstitutional the state’s recently enacted Opioid Stewardship Act (“Act”), codified at N.Y. Pub. Health L. §3323 and N.Y. State Fin. Law § 97-aaaaa, which became effective July 1, 2018. The Act is New York’s attempt to grapple with the opioid crisis that has hit that state as well as the nation. As the court noted in the opening lines of its opinion, “New York has taken proactive measures to treat existing opioid addiction, to prevent future addiction, and to educate New Yorkers about the dangers of opioid dependence.” Decision at 2. The Act creates a $600 million fund, which is derived from annual assessments of pharmaceutical manufacturers and distributors licensed to distribute opioids in New York. The assessment is spread out over a six-year period, and each licensee’s annual assessment is calculated based on the prior year’s sales. The Act calculates the assessment for each licensee by the total amount of morphine milligram equivalents (“MMEs”) sold in the State by the licensee during the prior year, commencing in 2018 Notwithstanding the Act’s noble purpose, on July 6, 2018, Plaintiff Healthcare Distribution Alliance filed a complaint seeking a declaratory judgment that the Act was unconstitutional, and a permanent injunction prohibiting its implementation. Id. at 2. Two other plaintiffs, the Association of Accessible Medicines and SpecGx LLC, also challenged the “pass-through prohibition” forbidding opioid
distributors and manufacturers from passing on the payments or costs due to New York under the Act to downstream purchasers of opioid products. Although the State moved to dismiss all cases on jurisdictional and prudential grounds, the plaintiffs filed motions for summary judgment. The court held that the method “by which the Act extracts payments from opioid manufacturers and distributors to redress those concerns violates the Dormant Commerce Clause of the United States Constitution.” Id. at 3.
The court held that the payment is not a tax (a tax would be permissible pursuant to the Federal Tax Injunction Act prohibiting district courts from enjoining collection of any state tax), but instead a regulatory penalty on manufacturers and distributors, which improperly burdens interstate commerce.

Furthermore, the court held that the Act would have the effect of discriminating between purchasers of opioids in New York and those outside of the state’s boundaries, as any additional charge could be passed through to those located outside of New York; thus, the Act treats New York customers of opioids differently than those located out of state. Interestingly, the court noted that, although the Dormant Commerce clause prevents New York from enforcing the Act, the Dormant Commerce Clause does not “speak to the ability of the federal government to pass similar legislation.” Id. at 49. Thus, the court granted the plaintiffs’ motions for preliminary injunction and declaratory judgment, holding that the Act is unconstitutional.

On December 19,

New York was permanently enjoined from enforcing the State’s newly enacted Opioid Stewardship Act.

So, what happens next? Manufacturers and distributors that are licensed to sell opioid drug products into New York were required to provide estimates of MMEs for 2018 sales, and then were invoiced by the State based on that MME amount, of which payments are due in January 2019. The court issued its decision on December 19, 2018, specifically noting at page 14 that it was leaving time for the parties to appeal the decision to the United States Court of Appeals for the Second Circuit, before payments are due in January 2019. On December 21, the Court entered an amended Order and Judgment stating:
The Court hereby DECLARES that the Opioid Stewardship Act, 2018 N.Y. Sess. Laws 57, S.7507-C, codified at N.Y. Pub. Health Law § 3323 and N.Y. State Fin. Law § 97-aaaaa (“the OSA”), violates the Commerce Clause of the Constitution. Defendants and all of their officers, agents, servants, employees, successors, assigns, and attorneys, as well as any persons or entities acting in concert with them or on their behalf are hereby
PERMANENTLY ENJOINED from enforcing the OSA. As of the date of this writing, the docket does not reflect anappeal by defendants.

Cases to Watch in 2019

Eagle Pharms., Inc. v. Azar, No. 18-5207 (D.C. Cir.)
In August 2018, Eagle Pharmaceuticals won its suit against FDA for violating the Administrative Procedure Act when it refused to grant exclusivity to Eagle’s orphan drug product, Bendeka. The Orphan Drug Act provides a seven-year period of exclusivity to drugs that are (1) designated by FDA as “orphan drugs” (i.e., for treatment of rare diseases or conditions) and (2) approved by FDA for use in that disease or condition. The district court held that FDA wrongly denied exclusivity to Bendeka and ordered FDA to grant orphan drug exclusivity for Bendeka. Two companies with generic versions of Bendeka, as well as FDA, appealed the decision to the D.C. Circuit; a decision is expected in 2019. In a separate action, the court in United Therapeutics Corp. v. Department of Health & Human Services, No. 1-17-cv-01577, stayed its ruling pending resolution of the Eagle appeal on the ground that the case addresses the same legal issue. United Therapeutics is represented by HPM.

Carlton & Harris Chiropractic, Inc. v. PDR Network, LLC, No. 17-1705 (U.S.)
Carlton & Harris sued PDR Network for alleged violations of the commercial fax provisions of the Telephone
Consumer Protection Act (“TCPA”). The Fourth Circuit ruled in Carlton & Harris’s favor, relying on an
interpretation of the TCPA issued by the Federal Communications Commission (“FCC”). The Supreme Court
granted PDR Network’s petition to review that ruling but limited its review to a single question: whether federal
courts are bound to accept a federal agency’s interpretation of a statute such as the TCPA without considering
the validity of that interpretation. The case has important implications for administrative law that are not limited
to the TCPA or to the FCC.

Center for Food Safety v. Price, No. 17 Civ. 3833 (S.D.N.Y.)
In May 2017, several nonprofit entities filed a lawsuit against FDA challenging the legality of FDA’s final rule formally establishing the GRAS notification process. When a substance is determined to be “generally recognized as safe” or “GRAS,” it can be used in food without satisfying premarket review requirements for food additives. Plaintiffs asserted that FDA created a “secret GRAS system” that does not require a manufacturer to provide notice to FDA or the public, or to maintain records that document or explain the basis for its conclusion that a use of a substance is GRAS. This “secret GRAS system” allegedly has permitted an “estimated thousand chemical substances” to be added to food without undergoing premarket safety review via the food additive petition process. The case is proceeding for two plaintiffs: the Center for Food Safety and the Environmental Defense Fund. Briefing will begin in early 2019.

United States v. USPLabs LLC, No. 15-cr-00496 (N.D. Tex.)
In November 2015, an 11-count indictment was filed against USPLabs LLC, a Dallas firm that manufactured highly popular workout and weight loss supplements. According to the indictment, the company conspired to import and sell synthetic dietary supplements but falsely marketed the products as plant-based under the theory that federal regulatory agencies would be less likely to question the importation of plant extracts, and retailers
would be more likely to sell such products. The government alleged that, in the Fall of 2013, an outbreak of injuries was associated with USPLabs’ aegeline-based products after numerous consumers in Hawaii experienced liver-related symptoms, including liver failure. Although USPLabs agreed to cease distributing these products, it did not, and rather pushed sales as fast as possible. The criminal trial against USPLabs is expected in 2019.

About Hyman, Phelps and McNamara, P.C.
Hyman, Phelps & McNamara has its finger on the pulse of the FDA and extensive experience with the universe of issues faced by companies regulated by FDA. As the largest dedicated FDA law firm in the United States, our technical expertise and industry knowledge are exceptionally wide and deep. We represent clients in administrative, civil, and criminal litigation. We regularly defend our clients against allegations of violations of law by state and federal regulators and prosecutors. Examples of our defensive litigation include:
• Litigating DEA immediate suspension orders and orders to show cause, and Controlled Substances Act cases
seeking criminal sanctions and/or civil monetary penalties
• Defending Federal False Claims Act cases
• Defending federal criminal charges
• Litigating seizure actions
• Representing witnesses in depositions, hearings, and trials
• Defending State Attorney General actions
We also sue the government when it violates our clients’ rights. Our affirmative government litigation includes
suits against agencies for:
• Unlawful FDA decisions regarding market exclusivity under the FDC Act
• Unreasonable delay in agency action
• Unlawful product classification
• Arbitrary and capricious or otherwise unlawful agency action, such as
o Actionable FDA Warning Letters
o Unlawful FDA approval of competitors’ products
o Failure to approve our clients’ products
o Improper imposition of import detentions
Please see our website at or the FDA Law Blog ( for more information.

ALL Credits & Resources:

Hyman, Phelps & McNamara, P.C.
700 13th Street, Northwest, Suite 1200
Washington, D.C. 20005
(202) 737-5600