labor law elections

OSHA Clarifies Discipline, Retaliation and Drug Testing Commentary

When the Occupational Safety and Health Administration (OSHA) released its 2016 final rule requiring the electronic reporting of workplace injury and illness reports, it included controversial provisions on discriminatory discipline, retaliation, and even post-incident drug testing by employers. The uproar was instantaneous, with industry groups quickly filing lawsuits challenging OSHA’s authority to enforce the rule. Originally scheduled to go into effect on August 10th, the effective date for the new anti-retaliation rule was pushed back by OSHA until November 1st, and more recently, until December 1st.

In the interim, Dorothy Dougherty, OSHA’s Deputy Assistant Secretary, issued an interpretation memorandum designed to explain the anti-retaliation and injury reporting procedures in more detail. The interpretation may help clarify what your organization must do in order to comply with the final rule – even if it doesn’t make the rule more palatable.

Reasonable Procedures For Employees To Report Workplace Injuries/Illnesses labor law elections

An employer violates OSHA’s new final rule if it either fails to have a procedure for employees to report work-related injuries or illnesses, or its reporting procedure is unreasonable. OSHA states that this requirement is not new, as it was implicit in the previous version of the rule. But now, it is an explicit employer requirement.

OSHA considers a reporting procedure to be reasonable if it is not unduly burdensome and would not deter a reasonable employee from reporting an injury or illness. Examples of what it considers reasonable and unreasonable are as follows:


  • Requiring employees to report a work-related injury or illness as soon as practicable after realizing they have a reportable incident, such as the same or next business day, when possible

  • Requiring employees to report work-related injuries or illnesses to a supervisor through reasonable means, such as by phone, email or in person.


  • Requiring ill or injured employees to report in person if they are unable to do so

  • Disciplining employees for failing to report “immediately” if they are incapacitated because of the injury or illness

  • Disciplining employees for failing to report before they realize they have a work-related injury that they are required to report

  • Unnecessarily cumbersome or an excessive number of steps to report a work-related injury or illness

In short, if your procedure allows employees to report workplace injuries and illnesses within a reasonable amount of time after they realize they have experienced a reportable event, and the procedure does not make employees jump through too many hoops, it will be reasonable and comply with the final rule.

Anti-Retaliation Provision Explained

Retaliating against employees for reporting work-related injuries or illnesses has long been unlawful. To issue a citation under section 1904.35(b)(1)(iv), OSHA must have reasonable cause to believe that an employer retaliated against an employee by showing:

  1. The employee reported a work-related injury or illness;

  2. The employer took adverse action against the employee (i.e., action that would deter a reasonable employee from accurately reporting a work-related injury or illness); and

  3. The employer took the adverse action because the employee reported a work-related injury or illness.

As in most employment retaliation cases, the third element on causation is often the toughest to prove. The determination is made on a case-by-case basis, depending on the specifics facts in any particular case.

OSHA has focused its commentary primarily on three types of potentially retaliatory actions—discipline policies, incentive programs, and post-accident drug testing. OSHA’s recent interpretation helps shed light on how employers should address these three issues to avoid a citation for a violation of the anti-retaliation rule.

Disciplining Employees For Violating Work Safety Rules

Employers violate the anti-retaliation provision by disciplining or terminating employees for reporting a work-related injury or illness. But, if an employer has a legitimate business reason for imposing discipline, such as the employee’s violation of a workplace safety rule, then there is no retaliation and no violation.

OSHA states that the primary inquiry is whether the employer has treated other employees who similarly violated a safety rule the same way – in other words, did the employer impose the same adverse action regardless of whether the other employees reported a work-related injury or illness. If the rule is consistently applied, then no retaliation exists. However, if the employer disproportionately disciplined employees for violating a rule when they reported workplace injuries, or the employer ignored violations of the safety rule when there was no injury or illness, OSHA may find that the actual reason for the discipline was the reported injury or illness rather than the rule violation.

Incentive Programs

OSHA does not prohibit employers from having safety-related incentive programs. But, it does prohibit employers from withholding a benefit or otherwise penalizing an employee because of a reported injury or illness. OSHA provides this example: if an employer raffles off a $500 gift card at the end of each month in which there are no workplace injuries, such an incentive program would violate the anti-retaliation provision as it withholds the incentive (i.e., the $500 gift card) when an employee reports a work-related injury. On the other hand, an acceptable alternative would be for the employer to raffle off a gift card each month in which employees universally comply with legitimate safety rules, such as using required fall protection and following lockout-tagout rules. The key is whether the employer is withholding a benefit because of a reported work-related injury. Incentive programs that penalize the reporting of injuries and illnesses are likely to result in an OSHA citation.

Post-Accident Drug Testing

One of OSHA’s more troubling and confusing anti-retaliation position is its stance that drug testing employees who report a work-related injury or illness can be considered retaliation. Many employers impose drug testing following any workplace accident or incident that results in injuries. OSHA states that while it does not prohibit employers from drug testing employees who report work-related injuries, employers must have an objectively reasonable basis for such testing.

So what is an objectively reasonable basis for testing? OSHA states that it will consider factors including whether the employer has a reasonable basis for concluding that drug use could have contributed to the injury or illness, whether other employees involved in the incident that caused the injury were also tested (or whether only the employee who reported an injury was tested), and whether the employer has a heightened interest in determining if drug use could have contributed to the injury due to the hazardousness of the work being performed.

In addition, OSHA will consider whether the drug test is capable of measuring impairment at the time the injury occurred, where such test is available. In its interpretive memo, though, OSHA states that at this time, the agency will consider this factor for tests that measure alcohol use, but not for tests that measure the use of any other drugs.

The bottom line is that OSHA is looking whether an employer is using drug and/or alcohol testing as a form of discipline against employees who report a workplace injury, which would be retaliation. Consequently, post-accident drug testing is permitted if all workers involved in the accident are tested in order to gain insight into the cause of the accident. But drug testing an employee whose injury could not possibly be related to drug use, such as a repetitive strain injury, would be seen as retaliation. 

Key Takeaways

Assuming that the anti-retaliation rules survive their legal challenges, employers should prepare to implement a reasonable procedure for employees to report work-related injuries and illnesses. Organizations should review any safety-related incentive programs and remove any punitive effects or withholding of benefits/incentives if an employee reports a workplace injury. When adopting and enforcing drug testing policies, be certain to test all workers involved in a workplace incident, not just those who were injured or reported an injury. And last but not least, be very mindful when deciding to discipline or terminate an employee who has reported a workplace injury or illness. Without a legitimate, well-document business reason for the discipline that is unrelated to the injury report, you may find your business cited for retaliation.

Copyright Holland & Hart LLP 1995-2016.

Will Republicans Embrace Center for Medicare and Medicaid Innovation’s Authority?

Center for Medicare and Medicaid Innovation (CMMI) The Affordable Care Act (ACA) and the Medicare and CHIP Reauthorization Act (MACRA) provided the Centers for Medicare & Medicaid Services (CMS) and the newly created Center for Medicare and Medicaid Innovation (CMMI) tremendous authority. With Republicans set to take control of both the White House and Congress, the future of that authority is very much in question.

The ACA created CMMI to test innovative payment and service delivery models to reduce program expenditures and improve care.  To carry out this goal, the ACA allows CMMI to waive any Medicare provision of the Social Security Act, as well as select Medicaid provisions, that may be necessary to carry out and evaluate demonstration policies.  If the demonstrations prove effective, CMS may implement the program nationally.

Over the past few years, CMS has implemented numerous demonstration projects under CMMI’s authority.  These include delivery reform demonstrations such as the Medicare Shared Savings Program and Pioneer ACO program, as well as the Financial Alignment Initiative, which integrates care for dual-eligible individuals in select states. Demonstrations such as the Medicare Advantage Value-Based Insurance Design Model have focused on encouraging the use of high-value clinical services, while others, such as the Diabetes Prevention Program, have focused on preventive service models.  In July of this year, CMS proposed expanding the Diabetes Prevention Program nationally.

While there have been successes, CMS’s use of this authority has not been without controversy and criticism.  In September of this year, Rep. Tom Price, along with over 150 members of Congress, sent a letter to CMS condemning CMMI’s large mandatory demonstrations, citing that “CMMI has exceeded its authority, failed to engage stakeholders, and has upset the balance of power between the legislative and executive branches.”  This letter specifically attacked the Cardiac Bundled Payment Model, the Comprehensive Care Joint Replacement Model, and notably, the Part B Drug Payment model as problematic programs.  Further, the House Budget Committee held a hearing criticizing the authority granted CMS and CMMI to effectively usurp the role of Congress in creating public policy.  With Rep. Tom Price, current Chairman of the House Budget Committee, reportedly under consideration for HHS secretary in the Trump Administration, the future for CMMI is very much in question.

It is possible that Republicans will now move to defund or otherwise limit CMMI’s authority given their recent attacks on it.  However, CMMI provides an avenue to test and garner buy-in for new models of care that otherwise did not exist.  Republicans may realize the opportunity that CMMI could provide as they transition away from the Affordable Care Act.  If Republicans want to maintain this authority or provide states greater authority to demonstrate coverage models, they could leverage CMMI’s authority to do so.

Immigration Policy Choices Under the New Administration

immigration policyNow that the election is over, focus turns to the U.S. immigration policy of President-elect Donald J. Trump’s administration over the next four years. Forecasts of this type are never easy with any new President; the task is even more difficult this year because immigration policy dialogue during the campaign focused so heavily on illegal immigration and the Mexican wall. The critical questions to which our clients seek answers concern the policies that will define “business” immigration.

In this Special Immigration Alert, we will discuss 10 areas that impact business immigration and explore potential paths that the Trump administration might follow in addressing them.

  1. Executive Orders: During the campaign, President-elect Trump indicated that he would vacate all executive orders issued by the Obama administration In the immigration area, the relevant executive orders would, in large part, consist of the Deferred Action for Childhood Arrivals (“DACA”) and the Deferred Action for Parents of Americans (“DAPA”). As our readers know, DACA and DAPA have been subject to numerous legal challenges since these executive orders were issued. Nevertheless, thousands of foreign nationals (“FNs”) received work authorization under these programs and are now employed within the United States. If  DACA and DAPA are vacated, these FNs would lose their temporary protection against removal and their right to work in the United States. Employers need to start planning now for this possibility.

  2. Temporary Protected Status (“TPS”): Under the immigration laws, the U.S. President has authority to grant TPS to citizens of any country who are temporarily unable to return to their home country due to ongoing armed conflicts or natural disasters. Those in TPS status are granted temporary refuge here and permitted to work. If it follows several recommendations of the Center of Immigration Studies, as some Trump supporters have suggested, the Trump administration could restrict the circumstances under which TPS grants are issued and terminate current grants earlier, requiring affected FNs to return home sooner.

  3. Free Trade Agreements (“FTAs”): A major focus of the Trump campaign was the renegotiation/repeal of the North American Free Trade Agreement (“NAFTA”). The United States is a party to other FTAs with Chile, Singapore, and Australia that were not a primary focus of the campaign. Each of these FTAs contains immigration provisions. The questions are what, if anything, the Trump administration will do regarding these FTAs and what impact, if any, the administration’s actions may have on continued immigration under these FTAs or on the status of those FNs already here.

    The concern about the continuing viability of these FTAs as a source for immigration is real, but the likelihood of an immediate abrogation of these FTAs and their immigration provisions is not great. At the outset, it seems that the Trump administration will focus more on immigration enforcement than on the FTAs, given the emphasis in candidate Trump’s campaign regarding the need to address southern border security issues and the problems posed by aliens in this country who have committed crimes. Moreover, even if cancelling these FTAs was formally pursued by the administration, most contain provisions that require six or more months of prior notice, and Congress may want to weigh in on this process as well.

  4. Nonimmigrant Classifications (H-1B/L-1B): During the campaign, candidate Trump indicated that he wanted to revamp the H-1B program because it took jobs away from Americans. Since the H-1B program is largely statutory, it would be hard for any change to be effected immediately. With a Republican Congress, and historical Democratic opposition to the H-1B program, however, this could be an issue on the legislative agenda for 2017 if there is public pressure for immigration reforms. While the ultimate package is uncertain, there is a possibility of aligning the entire H-1B program with the current requirements for H-1B dependent employers. H-1B dependent employers are those that employ 15 percent or more H-1Bs as part of their overall workforce, and they are required to demonstrate the absence of qualified U.S. workers before an H-1B petition can be approved for a new employee.

    Although the President-elect and his transition team have been relatively silent on other temporary working visa classifications, the L-1B classification has been the subject of controversy since December 2003, when Business Week published an article entitled “A Loophole as Big as a Mainframe.” The gist of the article was that third-party consultants were able to circumvent the salary requirements of the H-1B program by classifying their IT professionals as experts with “specialized knowledge” under the L-1B category. Following this article, Congress passed the L-1B Reform Act, which put limitations on the ability of consulting firms to place L-1B employees on worksites that were not their own. U.S. Citizenship and Immigration Services (“USCIS”) also began issuing progressively narrow interpretations of the L-1B definition of “specialized knowledge” to address this issue. This trend continued until March 2015, when USCIS issued what the agency characterized as “more relaxed” guidelines. In practice, the L-1B classification remains a volatile area in business immigration and, thus, may attract scrutiny from the new administration.

    Like the H-1B program, the L-1B classification is statutory and immediate changes to the program are therefore unlikely. However, the new administration could issue guidance returning USCIS back to an even more restrictive interpretation of “specialized knowledge,” and this would have a much more immediate impact on the eligibility of FNs for this classification. Here also, the new administration could ramp up the number of anti-fraud site visits at L-1B employers to make sure that they comply with the L-1B Reform Act. If this occurs, it likely would have a disproportionate impact on smaller organizations that do not utilize the blanket L program.

  5. F-1 Optional Practical Training (“OPT”): OPT has become an increasingly controversial component of the U.S. educational system. Prior regulations allowed foreign students up to one year of OPT work authorization following graduation. Recent regulatory changes have increased the authorized OPT work period up to three years if the FN has a STEM (Science, Technology, Engineering, and Mathematics) degree and the employer is registered with and using E-Verify. Several people reportedly advising the President-elect on immigration policy have expressed opposition to OPT because, in their view, it siphons employment opportunities from U.S. workers. Under the Trump administration, we can expect this debate to continue. The alteration or elimination of OPT work authorization, however, would require changes in the existing regulations. These changes do not appear to be imminent.

  6. Spousal Employment: Many spouses of FNs legally in the United States are authorized by statute to work. Examples are the spouses of E and L nonimmigrants and applicants for permanent residence. In many other cases, however, spousal employment rests on regulatory provisions. Examples include employment authorization granted to the H-4 spouses of H-1B nonimmigrants who are the beneficiaries of approved I-140 petitions, or who are permitted to work here beyond six years pursuant to Section 106(a) of the American Competitiveness in the Twenty-First Century Act of 2000. Any administration emphasis on creating more job opportunities for Americans suggests that these regulatory provisions might be part of efforts to review the existing immigration system. Revising those provisions, however, cannot be accomplished by executive order and will require a regulatory change.

  7. Visa Processing: Most FNs seeking admission to the United States must first apply for and secure a visa. During this visa application process, the U.S. Department of State conducts security and background checks to make sure that the FN does not pose a threat or otherwise violate U.S. immigration requirements. Throughout the campaign, candidate Trump repeatedly promised to enhance the current U.S. immigration vetting process to prevent terrorists and criminals from entering the country. If the vetting process for FNs applying for U.S. visas is materially changed, this may significantly delay the immigration process for everyone.

    At the same time, the Visa Waiver Program (“VWP”) has come under additional scrutiny because it represents an exception to the standard visa application process. Given President-elect Trump’s stance on tightening the security screens on any FN seeking admission to the United States, it is likely that the VWP will also be under scrutiny in any Trump administration immigration policy review.

  8. Expansion of E-Verify: E-Verify is the system offered by the federal government to check the identity and work authorization of all new employees. With certain exceptions, it currently is voluntary for most employers, except in states that mandate its use. Arizona was the first state to require employers to use E-Verify or risk loss of their license to do business in the state, and the state statute imposing this requirement, the Legal Arizona Workers Act, was upheld by the U.S. Supreme Court in Chamber of Commerce v. Whiting, 563 U.S. ___ (2011). With its emphasis on immigration enforcement and a sympathetic Congress, the Trump administration might place mandatory use of E-Verify high on its legislative agenda.

  9. Worksite Enforcement: The Trump administration is likely to increase the amount of worksite enforcement significantly. President Obama has largely managed worksite enforcement through large fines levied by Immigration and Customs Enforcement for Form I-9 violations; the Obama administration expected this policy to deter employers from hiring and retaining FNs not authorized to work. Under a Trump administration, we expect to see less Form I-9 enforcement through fines and more enforcement through criminal prosecutions, as well as possible unannounced employer worksite inspections aimed at those suspected of employing undocumented workers.

  10. Proposed Regulations: At the present time, there are several proposed regulations that are working their way through the federal government’s rulemaking process. This includes the Obama administration’s proposed rules on international entrepreneurs and the U.S. Department of Labor’s proposals to modernize the PERM labor certification process. Given President-elect Trump’s often expressed opposition to new regulatory proposals and support for rolling back existing regulations, the future of these and any other regulatory initiatives is in doubt.

    On November 18, 2016, USCIS issued a final rule containing improvements to the EB-1, EB-2, and EB-3 immigrant classifications that the Obama administration designed to retain FNs who are the beneficiaries of employer-sponsored petitions in those classifications.  According to USCIS, this rule will provide (i) improved process and certainty for employers seeking to sponsor and retain FN employees, (ii) greater stability and job flexibility for these FN workers, and (iii) more administrative consistency to USCIS adjudications of the applications involving these FN workers. Under the Congressional Review Act (“CRA”), 5 U.S.C. §§ 801-08, Congress essentially has 60 days to review and reject any new regulation. By publishing this rule now, the Obama administration may avoid rejection by Congress and the Trump administration under the CRA. Any new rules issued within 60 days of the inauguration, however, may be subject to the CRA’s provisions.

Overall Outlook 

Much of this year’s presidential campaign rhetoric focused on the Mexican wall, restrictive immigration policies, and the mass incarceration and/or deportation of undocumented aliens in this country. At the present time, however, the budgetary and enforcement capacity constraints appear likely to limit the immediate realization of any such policies. Nevertheless, the campaign has stimulated a national debate on immigration and, thus, has increased the possibility of more comprehensive immigration reform being proposed later in the Trump administration.

This possibility is underscored by the reality that any uncertainty as to immigration and enforcement may have a serious impact on industries, such as agricultural and hospitality, which traditionally employ undocumented FNs, and on such sectors as technology, financial services, and health care and life sciences, which rely more on documented skilled and highly educated FNs. These industries are (i) important to the national economy, (ii) major employers in many congressional districts, and (iii) likely to beseech elected representatives to solve the immigration “problem.” The harsh truth is that America may not have enough of the necessary and willing workers to fill all the positions that a growing economy demands. In concert, these factors may drive the debate on immigration reform because the United States needs a comprehensive solution to grow the economy as the new administration has promised.

There is significant agreement that the current immigration system is antiquated and needs overhaul. Aside from the enforcement issues, the United States needs an immigration system that facilitates the admission of FNs whose labor and/or skills are critical to economic growth and who will not displace or supplant American workers. The ultimate irony may be that the enormous costs of massive immigration enforcement and the economic consequences to employers of American workers from overly restrictive immigration laws may be the catalyst for meaningful immigration reform.

©2016 Epstein Becker & Green, P.C. All rights reserved.

Texas Judge Not Persuaded, Permanently Enjoins DOL’s New Reporting Rule

Stop, Rain, DOL Persuader ruleIn a major victory for the business community, Judge Sam R. Cummings of the U. S. District Court for the Northern District of Texas issued a permanent nationwide injunction blocking the Department of Labor (DOL) from enforcing its new “persuader” rule. National Federation of Independent Business, et al. v. Perez, et al., Case No. 5:16-cv-00066. The rule attempted to expand disclosure requirements by employers and their consultants (including attorneys) related to union-organizing campaigns.

The new rule, which Judge Cummings had preliminarily enjoined prior to its effective date of July 1 of this year, would have greatly increased the reporting requirements under Section 203 of the Labor Management and Reporting Disclosure Act. That section requires employers and their labor relations consultants to disclose the terms (including financial terms) of any arrangement by which the consultant provides services that are intended to directly or indirectly persuade employees concerning their rights to organize a union or to bargain collectively with their employer.

For years, the DOL took the position that no reporting was required unless the consultant had direct contact with employees by way of in-person meetings, telephone calls, letters, or emails. Similarly, no reporting was required if the consultant’s activities were limited to providing sample materials such as speeches, postings, letters to employees, and the like that the employer was free to accept, reject, or modify.

However, the new persuader rule expanded the disclosure requirements to include indirect contact with employees by the consultant, including:

  • Directing, planning, or coordinating the efforts of managers to persuade employees

  • Providing materials such as speeches, letters, or postings that are intended to persuade employees

  • Conducting union avoidance seminars if the consultant assists the employer in developing anti-union strategies

  • Developing personnel policies intended to persuade employees in the exercise of their organizational or collective bargaining rights.

The attorneys general for 10 states as well as various business groups challenged the new rule as infringing on employers’ First Amendment rights and conflicting with the attorney-client privilege. Judge Cummings agreed that the rule is unlawful and should be set aside. Presently, it is unknown if DOL intends to appeal Judge Cummings’ order.

ARTICLE BY Henry W. Sledz Jr. of Schiff Hardin LLP

The Unknown Future Of The Affordable Care Act

Donald Trump Affordable Care Act

Donald Trump’s victory to become the next president of the United States, and the Republican Party’s continued control of the United States Senate and House, will likely have a significant impact on the future of the Affordable Care Act (ACA). President-elect Trump (Trump) has vowed to immediately dismantle the ACA. To date, Trump has provided only a broad outline of what exactly he plans to replace the law with, such as the following:

  • Eliminating ACA requirements which generally require (1) individuals to maintain health insurance, and (2) employers with more than 50 full time employees to offer affordable major medical plan coverage or run the risk of paying penalties;

  • Eliminating tax subsidies that eligible individuals can use to purchase coverage and/or offset costs under health insurance exchanges;

  • Expanding the use of health savings accounts to pay deductibles, copayments, etc.;

  • Establishing tax breaks to allow taxpayers to deduct premiums they pay for individual health insurance policies;

  • Allowing health insurance across state lines;

  • Allowing states to manage Medicaid funds;

  • Modifying or eliminating the ACA’s “essential health benefits” requirements;

  • Expanding age rating bands (increasing the range of premiums that will be allowed); and

  • “Modernizing” Medicare.

Despite his general opposition to the ACA, Trump has expressed support for ACA rules which prohibit insurers and employer plans from excluding coverage for expenses related to preexisting conditions. However, those prohibitions force insurance companies and employer plans to bear significant costs. The ACA’s employer and individual coverage mandates were intended to make the pre-existing condition exclusions more palatable to payers by forcing healthy individuals into the applicable insurance pools. Consequently, it is unclear how Trump would preserve the pre-existing condition exclusions yet eliminate the employer and individual mandates.

In addition, the ACA contains hundreds of provisions affecting hospitals, corporations, Medicare, health care quality and integrity, the health care workforce, biosimilars, health care prevention and other issues unrelated to what most people think of as “Obamacare.” To date, Trump appears not to have taken any public position on these provisions.

Copyright © 2016 Godfrey & Kahn S.C.

Top Takeaways from FDA Draft Guidance on Software as Medical Device

FDA software as medical deviceFDA’s proposed adoption of an IMDRF document raises questions.

On October 14, the US Food and Drug Administration (FDA) released a new draft guidance document, Software as a Medical Device (SaMD): Clinical Evaluation (Draft Guidance).[1] The Draft Guidance was developed by the SaMD Working Group of the International Medical Device Regulators Forum (IMDRF),[2] a voluntary group of medical device regulators from around the world, including FDA. This is the first time that FDA has proposed issuing an IMDRF document as an official FDA guidance document.

The Draft Guidance discusses clinical evaluation recommendations for SaMD and focuses on the general principles of clinical evaluation, which include establishing scientific validity, clinical performance, and analytical validity for an SaMD. The Draft Guidance is available for public comment until December 13, 2016. We have highlighted below key takeaways.

1. Cart Before the Horse?

Over the years, FDA has issued several guidance documents attempting to clarify its position on software products. For instance, in 2015, the Agency issued its final guidance on Mobile Medical Applications, which describes when FDA will or will not actively regulate software that can be executed on a mobile platform.[3] However, the Mobile Medical Apps guidance is limited to the specific mobile app examples listed in that guidance, and FDA has yet to issue its long-promised draft guidance on clinical decision support software. Thus, there is no clear overarching policy on when software used for health- or medical-related purposes would be considered SaMD, subject to FDA regulation. In this context, issuing guidance on FDA’s expectations for the clinical evaluation for SaMD seems premature. Software developers need to first understand where the proverbial line is before investing in clinical evaluation activities.

2. New Unadopted Terminology and Reference Documents Used

The Draft Guidance uses terminology defined in other IMDRF documents and also incorporates by reference findings from other IMDRF documents; however, FDA has not officially adopted those other IMDRF documents as FDA guidances. Thus, it is not clear whether FDA intends for this Draft Guidance to be the first volley, followed up by formally issuing other IMDRF documents on SaMD as FDA guidances, or whether FDA would simply consider the terminology and principles in those other IMDRF documents to be adopted by proxy if and when it finalizes this current Draft Guidance. It also is not clear how the principles and terminology in these other IMDRF documents align with FDA’s existing regulations and guidance documents. For instance, the Draft Guidance discusses a system of classifying SaMD based on its intended use and risk; however, it is not clear how this classification system would translate to FDA’s existing device classification system (Class I, Class II, and Class III) and classification regulations. Such an understanding is important for SaMD developers to determine the premarket review standard that will apply (e.g., establishing substantial equivalence vs. safety and effectiveness), because this will inform the goals for SaMD clinical evaluation.

3. Context Is Important

Although this Draft Guidance’s focus is SaMD clinical evaluation, a significant part of its 45 pages is used to provide definitions, general principles, context, and SaMD categorization principles (not to mention the references to other IMDRF documents, as described above). Only Section 6 directly addresses clinical evaluation. On that point, the new Draft Guidance describes clinical evaluation as the process for establishing the scientific validity, analytical validity, and clinical performance of an SaMD and provides recommendations for generating evidence in these three areas. The Draft Guidance further describes how to determine the required level of evidence based on the SaMD’s categorization. With regard to categorization, the Draft Guidance proposes a SaMD categorization scheme based on: (1) how the information generated by the SaMD will be used (for nondiagnostic, diagnostic, or therapeutic purposes), and (2) the criticality of the healthcare situation or condition in which the SaMD is to be used. An SaMD intended to treat or diagnose critical healthcare situations or conditions is considered higher risk and thus would be subject to more rigorous clinical evaluation requirements.

4. FDA Requests for Feedback

In its Federal Register notice announcing the new Draft Guidance, FDA highlighted specific areas for which it would like feedback, including the following:

  • Does the document appropriately translate and apply current clinical vocabulary for SaMD?

  • Are there other types of SaMD beyond those intended for nondiagnostic, diagnostic, and therapeutic purposes that should be highlighted or considered in the document?

  • Does the document adequately address the relevant clinical evaluation methods and processes for SaMD to generate clinical evidence?

  • Given the uniqueness of SaMD and the proposed framework, is there any impact on currently regulated devices or any possible adverse consequences?

Next Steps

The Draft Guidance document indicates that it is intended to provide globally harmonized principles of when and what type of clinical evaluation is appropriate based on the SaMD risk. However, questions remain about how these principles translate to FDA regulatory requirements.

The Guidance Document is available for comment until December 13, 2016 (Docket No. FDA–2016–D–2483).

[1] 81 Fed. Reg. 71105 (Oct. 14, 2016),  

[2] FDA,International Medical Device Regulators Forum (IMDRF) (last updated May 5, 2015),

[3] FDA, Mobile Medical Applications: Guidance for Industry and Food and Drug Administration Staff, (Feb. 9, 2015),…/UCM263366.pdf.

Cybersecurity Due Diligence Is Crucial in All M&A—Including Energy M&A Transactions

Can a single data breach kill or sideline a deal? Perhaps so. Last month Verizon signaled that Yahoo!’s disclosure of a 2014 cyberattack might be a “material” change to its July $4.83 billion takeover bid—which could lead Verizon to renegotiate or even drop the deal entirely. Concern over cybersecurity issues is not unique to technology or telecommunications combinations. In a 2016 NYSE Governance Services survey of public company directors and officers, only 26% of respondents would consider acquiring a company that recently suffered a high-profile data breach—while 85% of respondents claimed that it was “very” or “somewhat” likely that a major security vulnerability would affect a merger or acquisition under their watch (e.g., 52% said it would significantly lower valuation).

Bottom Line: Cybersecurity should play a more meaningful role in the due diligence portion of any potential M&A deal. Certainly this is so when a material portion of the value in the acquisition comes from intangible assets that might be most vulnerable to hackers. Financial information comes to mind. Personal information of employees does as well. But companies also need to be concerned about their trade secrets, know-how and other confidential business information whose value inheres in its secrecy. Therefore, a merely perfunctory approach to cybersecurity can become very costly. The union of companies today is a union of information, malware and all.

Energy M&A Is Not Immune

To weather the plunge in prices, many oil companies have sought out new innovations to reduce the cost of extraction and exploration. Investments in digital technologies will likely only increase—a 2015 Microsoft and Accenture survey of oil and gas industry professionals found that “Big Data” and the “Industrial Internet of Things” (IIoT) are targets for greater spend in the next three to five years. Cybersecurity threats were perceived in the survey as one of the top two barriers to realizing value from these technologies.

These developments in energy industry—bigger data and bigger vulnerabilities—are here to stay. The proposed merger of General Electric and Baker Hughes also speaks to the growing importance of analytics to oil production. Commentators note that the acquisition would allow GE more fully to implement its Predix platform, an application of IIoT to connect everything from wellhead sensors to spreadsheets. However, as last month’s massive cyberattack on DNS provider Dyn, Inc. demonstrated, the IIoT holds unique challenges as well as great promise for operational efficiency. (In this attack, reportedly 400,000 internet-linked gadgets were hacked and used to reroute web traffic to overload servers.)

Bottom Line: Robust cybersecurity diligence should be de rigueur for energy M&A.

What Can Companies Do to Protect Deal Value?

For starters, energy companies should treat cybersecurity as a separate and more involved category for due diligence.

Liability for or damages from legacy data breaches or malware can become expensive—damages to systems, theft of information and liability from the release of personal or reputation-damaging information, to name a few. Therefore, anticipating problems post-merger, cataloguing past vulnerabilities and most importantly, discovering actual breaches before closing is crucial to avoid deals blowing hot and cold.

Companies should retain IT specialists who can do an objective assessment of the cybersecurity posture of a proposed merger or acquisition. This can help prospective acquirers better determine the adequacy of a target’s cybersecurity programs, such as its policies over incident response, how access to data is distributed, the extent of a company’s online presence and vulnerabilities, and how remediation of any potential cyberthreats or actual breaches may best proceed.

A cybersecurity questionnaire should also be developed, covering such topics as:

  • How and where has company data been stored?

  • Who has had access?

  • Have there been any actual or attempted intrusions into (or leaks) of company data?

An acquirer could further insist on specific representations and warranties from a target company regarding their cybersecurity compliance, as well as bargain towards indemnity for prior data breaches.

On the target side, energy companies should prepare (in turn) for more scrutiny over their data security and privacy practices. Among other benefits to “knowing thyself,” getting ahead of this process should offer targeted companies a better negotiating position. It would also allow them to take a more proactive role in defining the policies of the combined company post-merger. At the very least, these efforts could help avoid the kind of hiccups and uncertainties that lead to undervaluation. In any event, poor cybersecurity practices can give an impression that a target lacks risk management in other areas—not an ideal pose to strike in any bargain.

Parting Thoughts

It is a trope in cybersecurity writing to invoke figures like Sun Tzu and shoehorn in quotes about war stratagem. Well, these habits are in some ways unavoidable: For all intents and purposes, fighting anonymous hackers resembles battle prep—a method of self-awareness and readiness that defies box-checking.

Energy companies could take these words to heart from the inestimable Miyamoto Musashi, a samurai who won 60 duels: “If you consciously try to thwart opponents, you are already late.” (A sentiment echoed more recently by Mike Tyson’s truistic “Everyone has a plan until they get punched in the mouth.”)

And This Key Takeaway: Any cybersecurity program must go hand-in-hand with a corporate culture that respects data as among its most valued assets. Efforts in detection, reporting and remediation are challenges that fall throughout the ranks and, if reflexive to the unknown, stand the best chance of being fully realized.

Bottom Line: Mind Your Data!

Privacy and Data Security in the Trump Administration

data breach, privacyPrivacy and data security issues were prominent in the campaign. Allegations were even made that Russia was behind the DNC hack.

Despite it being front and center in the campaign, cybersecurity did not generate specific policies from the Trump campaign. One thing Donald Trump did promise was a top to bottom review of US cyber defense and security led by government, law enforcement, and private sector experts.  He also committed to establishing a Justice Department task force to coordinate responses to cyber attacks and a cyber review team to audit existing government IT systems.

Another area on which the President-elect spoke was the need to clamp down on the theft of US intellectual property, especially by foreign nations and competitors. Tools already exist to do that, of course: Economic Espionage Act of 1996.  Congress, which earlier this year enacted the Defend Trade Secrets Act, is likely to respond favorably to any additional resources or authorities the new administration might seek for this purpose.

Related to cyber security were Mr. Trump’s comments on encryption during Apple’s dispute with the Justice Department in the wake of the San Bernardino terrorist attack. Trump sided strongly with law enforcement, and we can expect Congress to return to the subject of encryption in the coming session.  Whether anything happens legislatively is uncertain, and some in Congress want to await the pending report of the National Academy of Science on encryption, which will remain a highly contentious issue.  Still, Candidate Trump’s comments show where he stands.  One wildcard in the debate may be how weakened is FBI Director Jim Comey, who has been leading the charge on encryption issues for law enforcement.

Also due for legislative consideration in 2017 is the renewal of section 702 surveillance authority under the FISA Amendments Act, which is due to sunset at the end of the year. Trump is likely to take a much more pro-surveillance position than either the current administration or Secretary Clinton might have taken.  Privacy advocates in both parties are likely to press for changes in the law, but at this point the odds would be against them.

Either on its own or in conjunction with the section 702 debate, Congress is likely to return to consideration of ECPA reform. The House passed the E-mail Privacy Act unanimously this Congress, but it stalled in the Senate due to privacy groups’ opposition to an amendment sought by Senator Cornyn.  The must-pass section 702 legislation is likely to provide a vehicle for e-mail privacy and related ECPA reform legislation if it does not move on its own.

Also in the mix on these issues is consideration of legislation clarifying and modernizing how domestic law enforcement accesses data across national borders. Legislation addressing that issue enjoys prominent support in Congress and may well get taken up in conjunction with ECPA reform or get lumped in with that in the context of section 702 renewal.

And the House Judiciary Committee is already moving ahead with a hearing scheduled to consider protecting geolocation data, setting up another area of dispute between law enforcement and privacy advocates.

Also in the mix legislatively will be proposals on how firms deal with data breaches and theft of information. The recently disclosed hack of Yahoo and the DNC hack have again raised the profile of data breach issues.  While there is consensus that something should be done, disagreement remains on the details, including whether a federal law should preempt state data breach laws.  There is little reason to expect that the disagreements can be bridged or that legislation will in fact move forward.

Finally and briefly, among other issues that Congress is likely to look at, though on which a legislative solution is unlikely are:

1) how to address distributed denial of service attacks, and the inter-related topic of the growth of the Internet of Things, on which several committees have already scheduled hearings in the wake of the recent significant DDOS attack. At this stage, Congress is likely to seek to continue to build its level of understanding of the issues here rather than act on anything;

2) how to address the recruitment of terrorists and the spread of violent extremism through social media; and

3) the implementation of last year’s Cybersecurity Information Sharing Act by the Department of Homeland Security.

One final point: the key players on these issues are likely to remain the same. One possible change would have Senate Judiciary ranking member Pat Leahy, just reelected, move to become ranking member of the Appropriations Committee, which could open the door for Senator Feinstein to become ranking member of the Judiciary Committee.  She would be more sympathetic to law enforcement and less aligned with the privacy advocates than Senator Leahy has been.  However, her move might allow tech-friendly Senator Mark Warner to become vice chairman of the Intelligence Committee, of which Senator Richard Burr will remain as chairman after his reelection.

© 2016 Covington & Burling LLP

It’s Not Really ”Repeal and Replace”; It’s Transition – pt 1

FAffordable Care Actor the last six years, Republicans have talked about repeal and replacement of the Affordable Care Act.  The election outcome now puts Republicans in a position of authority to take action on the Affordable Care Act.  As we look ahead to the 115th Congress, it is important to move away from political rhetoric and consider what can actually be achieved as a matter of public policy.

First, the Affordable Care Act is an extremely complex law including many more provisions than those related to coverage.  Complete repeal of the law is not remotely realistic.  For years Republicans have claimed support for provisions within the bill, some of which were actually bipartisan ideas.  No one should assume complete repeal.  The President-elect has already publicly voiced his support, for example, for continuing the bar on pre-existing condition exclusions from coverage.

Second, repeal and replace has been the mantra for many years, but that’s not actually the most accurate description of what Republicans want to do with the Affordable Care Act.  Republicans want to provide consumers with market-driven, high-value, cost-efficient health care coverage choices provided by private insurers.  That’s what Democrats arguably intended to do with the coverage provisions of the Affordable Care Act.

Ultimately, Republicans are going to transition the Affordable Care Act to function more to their liking.  The core of that function will still be covering millions of Americans through market-driven, high-value, cost-efficient health care coverage choices provided by private insurers.  The challenge for Republicans will be to limit the number of people who lose coverage in the transition, and it is simply wrong to assume Republicans intend to cause people to lose coverage.  For example, merely repealing the individual mandate will lead to significant market disruption and loss of coverage.  But if the individual mandate is transitioned to a late enrollment penalty, disruption and loss of coverage could be greatly minimized.

Finally, transition will not occur quickly.  While there is much more information about the consequence of policy decisions today than there was in 2009, writing legislation, determining the impact of legislation, and then moving legislation through Congress will take much of 2017.  This is not something that is likely to happen in a special session early in 2017.

This post is the first in a series.  In the posts that follow, we will describe the critical issues that Republicans must tackle as they transition the Affordable Care Act into a version of health care reform that they must own and defend.

©1994-2016 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

Congress Returns for Lame Duck Session as President-Elect Trump Prepares New Administration

Capitol, Congress, Lame Duck, President-Elect TrumpA New Administration and a New Congress: What to Expect

On Tuesday, November 8, the American public elected Donald J. Trump as the 45th President of the United States and elected one-third of the 100 Senators and all of the House Members who will make up the 115th Congress. As a result of the elections, President-Elect Trump will have the opportunity to work with a Republican Senate and a Republican House to address the challenges facing the country.

In his victory speech, President-Elect Trump said:

Now it’s time for America to bind the wounds of division; [we] have to get together. To all Republicans and Democrats and Independents across this nation, I say it is time for us to come together as one united people. It’s time. I pledge to every citizen of our land that I will be president for all Americans, and this is so important to me.

In the aftermath of the most bruising and bizarre presidential election in modern history, will anything get done in Washington DC? Given the stark divisions between the Republican and Democratic parties and the message voters sent to policymakers inside the Capital Beltway, can policymakers overcome their differences to address the pent up demand to resolve major issues that have been multiplying for the better part of a decade?

Senate Legislative Activity

The Senate will convene on Monday, November 14, in pro forma session. On Tuesday, November 15, the Senate will convene at 4:00pm. Following any Leader remarks, the Senate will be in a period of morning business, with Senators permitted to speak therein for up to 10 minutes each until 5:00pm. At 5:00pm, the Senate will proceed to the consideration of H.R.4511, Gold Star Families Voices Act. There be 30 minutes of debate followed by a vote on passage of the bill.

House Legislative Activity

On Monday, November 14, the House will meet at 2:00pm for legislative business, with votes postponed until 6:30pm. The following legislation will be considered under suspense on of the rules:

  • H.R. 1192 – National Clinical Care Commission Act;

  • H.R. 1209 – Improving Access to Maternity Care Act;

  • H.R. 2713 – Title VIII Nursing Workforce Reauthorization Act of 2016;

  • H.R. 4365 – Protecting Patient Access to Emergency Medications Act of 2016, as amended;

  • H.R. 985 – Concrete Masonry Products Research, Education, and Promotion Act of 2015, as amended;

  • H.R. 4665 – Outdoor Recreation Jobs and Economic Impact Act of 2016, as amended;

  • H.R. 2566 – Improving Rural Call Quality and Reliability Act of 2016; and

  • H.R. 2669 – Anti-Spoofing Act of 2016

On Tuesday, November 15, the House will meet at 12:00pm for legislative business. The following legislation will be considered under suspension of the rules:

  • H.R. 5732 – Caesar Syria Civilian Protection Act of 2016, as amended;

  • H.R. ___ – Iran Sanctions Extension Act;

  • H.R. 5332 – Women, Peace, and Security Act of 2016, as amended; and

  • H.Res. 780 – Urging respect for the constitution of the Democratic Republic of the Congo in the democratic transition of power in 2016, as amended

On Wednesday, November 16, the House will meet at 10:00am for morning hour and at 12:00pm for legislative business. On Thursday, November 17, the House will meet at 9:00am for legislative business, with last votes expected by 3:00pm. The House will consider:

  • H.R. 5711 – To prohibit the Secretary of the Treasury from authorizing certain transactions by a U.S. financial institution in connection with the export or re-export of a commercial passenger aircraft to the Islamic Republic of Iran, Rules Committee Print (Subject to a Rule); and

  • H.R. 5982 – Midnight Rules Relief Act of 2016 (Subject to a Rule)

On Friday, November 18, no votes are expected in the House.

© Copyright 2016 Squire Patton Boggs (US) LLP