Tag: Regulatory

Health Insurance Portability and Accountability Act/Health Information Technology for Economic and Clinical Health (HIPAA/HITECH) Compliance Strategies for Medical Device Manufacturers

Sheppard Mullin 2012

As computing power continues to become cheaper and more powerful, medical devices are increasingly capable of handling larger and larger sets of data. This provides the ability to log ever expanding amounts of information about medical device use and patient health. Whereas once the data that could be obtained from a therapeutic or diagnostic device would be limited to time and error codes, medical devices now have the potential to store personal patient health information. Interoperability between medical devices and electronic health record systems only increases the potential for medical devices to store personal information.

The concern has become so significant that the U.S. Food and Drug Administration recently issued a draft guidance and letter to industry noting concerns associated with theft or loss of medical information by cybersecurity vulnerable devices. For a more detailed discussion of this issue, see last month’s blog post.

This raises another important issue for medical device manufacturers and health care providers: medical device compliance with the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Compliance with HIPAA and HITECH has become a major concern for hospitals and health care providers, and will increasingly be an issue that medical device manufacturers will need to deal with.

A medical device manufacturer needs to answer three questions in order to determine whether the collection of patient information by a medical device is subject to HIPAA and HITECH:

  • Does the information qualify as Protected Health Information?
  • Is a Covered Entity involved?
  • Does a Business Associate relationship exist with a Covered Entity?

Protected Health Information

Protected Health Information (PHI) is individually identifiable health information transmitted or maintained in any form or medium.[1] Special treatment is given to electronic PHI, which is subject to both the HIPAA Privacy Rule, and the Security Rule (which only applies to electronic PHI). To be “individually identifiable,” the PHI must either identify the individual outright, or there must be a reasonable basis to believe that the information can be used to identify the individual.[2]

“Health information” is any information (including genetic information) that is oral or recorded in any form or medium, and meets two conditions.[3] First, the information must be created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse.[4] Second, the information must relate to the past, present, or future physical or mental health or condition of an individual, or the provision or payment of health care to an individual.[5]

If data collected by a medical device does not meet the definition of “individually identifiable,” or “health information,” it is not covered under HIPAA and HITECH. For example, a medical device that logs detailed medical diagnostic information about a patient, but includes no means by which that information may be traced to the patient, the data would likely fall outside of HIPAA and HITECH. Alternatively, a medical device, such as a mobile medical app, may request that a user provide detailed medical information about himself or herself. Provided that information is requested outside of the context of a health care provider, health plan, public health authority, employer, life insurer, school or university, HIPAA and HITECH similarly would likely not apply.

Covered Entities and Business Associates

There are two types of persons regulated by HIPAA and HITECH: “Covered Entities” and “Business Associates.” A Covered Entity is a health plan, a health care clearinghouse, or a health care provider who transmits any health information in electronic form in connection with a covered transaction.[6] A Business Associate is a person who either creates, receives, maintains, or transmits PHI for a regulated activity on behalf of a covered entity, or provides legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to a covered entity, where the service involves the disclosure of PHI.[7]

Therefore, at a minimum, in order to be subject to HIPAA and HITECH a Covered Entity needs to be involved. For example, medical devices sold directly to consumers for personal use would generally not be subject to HIPAA and HITECH.

Conversely, just because a medical device manufacturer is not a “Covered Entity,” HIPAA and HITECH may apply through a Business Associate relationship. Business Associates include Health Information Organizations, E-prescribing Gateways, and others that provide data transmission services with respect to PHI to a covered entity, and that require access on a routine basis to PHI.[8] Business Associates also include persons that offer PHI to others on the behalf of a covered entity, or that subcontract with a Business Associate to create, receive, maintain, or transmit PHI.[9]

[1] 45 C.F.R. § 160.103 “Protected health information”.

[2] 45 C.F.R. § 160.103 “Individually identifiable health information” (2)(i) and (ii).

[3] 45 C.F.R. § 160.103 “Health information”.

[4] 45 C.F.R. § 160.103 “Health information” (1).

[5] 45 C.F.R. § 160.103 “Health information” (2).

[6] 45 C.F.R. § 160.103 “Covered entity”.

[7] 45 C.F.R. § 160.103 “Business associate” (1).

[8] 45 C.F.R. § 160.103 “Business associate” (3)(i).

[9] 45 C.F.R. § 160.103 “Business associate” (3)(ii) and (iii).

Article By:

 of

White House Previews List of Incentives to Support Adoption of its Cybersecurity Framework

Bracewell & Giuliani Logo

As its latest step in a broader effort to prioritize cybersecurity, the White House released last week a list of possible incentives that may be offered to companies that own or operate critical infrastructure systems and assets to encourage adoption of a national Cybersecurity Framework, scheduled for release in February 2014. The list of possible incentives—which the Departments of Homeland Security, Commerce, and Treasury identified in response to a February 12, 2013 Executive Order—includes grants, liability limitation, public recognition, and cybersecurity investment rate recovery, among others. Some of the identified incentives could be created from existing federal agency authorities, while others would require legislative action from Congress. Over the next few months, agencies will seek input from critical infrastructure stakeholders in examining their preliminary lists and determining which to implement and how.

In the same February 12, 2013 Executive Order, the President directed the National Institute of Standards and Technology (NIST), an agency of the Department of Commerce, to lead the development of a national Cybersecurity Framework to reduce cyber risks to critical infrastructure. The President called for the Framework to include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks, and directed NIST to incorporate voluntary consensus standards and industry best practices to the fullest extent possible. NIST released a draft outline of the Framework on July 1, 2013, and a full draft of the Framework is scheduled for release in October.

Exactly how the Cybersecurity Framework will interact with or complement the North American Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards is unclear. The Cybersecurity Framework is intended to provide cross-sector security standards, while the NERC CIP standards were developed by, and for the use of, the electricity sub-sector. The Administration intends for NIST to consult its peers, as the President directed the Secretary of Homeland Security to “engage and consider the advice” of sector-specific and other relevant agencies. The Secretary must also identify areas for improvement that should be addressed through future collaboration with particular sectors and standards-developing organizations, which would presumably include NERC. Whether NERC has been consulted and how their input thus far has been considered is unclear.

In its draft outline of the Cybersecurity Framework, NIST indicates that the voluntary program is intended to complement rather than to conflict with current regulatory authorities, and the draft compendium, attached to the outline, includes reference to the NERC CIP Standards. In fact, NERC submitted comments in response to NIST’s February 26, 2013 Request for Information seeking input to help shape the draft Framework. However, the content of the Framework is still unknown, and until the draft is released in October, the exact relationship between the two sets of standards remains uncertain. In the meantime, as NERC stated in its comments to NIST, NERC feels strongly that a second set of potentially conflicting or redundant standards could create undue hardship on the electricity sub-sector. NERC also stated that, “while a framework of cybersecurity standards that is applicable to all sectors is possible, the framework may need flexibility to have certain common elements to be valuable or effective. Some sectors, such as the electricity sub-sector, are far more advanced in their cybersecurity efforts; other sectors may need time to meet minimum (voluntary) standards. The framework must build on existing standards and programs to develop a comprehensive approach to cybersecurity.”

As national-level cybersecurity efforts have progressed this year, so have NERC’s efforts to improve the CIP standards. NERC Reliability Standards are generally written as performance standards; that is, they prescribe a measurable end-state or goal, and attempt to remain technology- and method-neutral. However, utilities widely criticized earlier versions of the standards as being focused primarily on compliance documentation as opposed to security principles. With input from stakeholders, NERC significantly revised its CIP standards in Version 5, which were filed with FERC on January 31, 2013. Much of industry considers the revised CIP program to be an improved framework for critical asset cybersecurity protection, with a renewed risk-based focus on security. NERC stated that it stands ready to share its industry-driven approach with NIST as it endeavors to develop the Cybersecurity Framework.

Consumer Financial Protection Bureau (CFPB) Releases Exam Procedure Updates For Truth in Lending Act (TILA) and Real Estate Settlement Procedures Act (RESPA)

Sheppard Mullin 2012

On August 15 the Consumer Financial Protection Bureau released updates to its examination procedures in connection with the new mortgage regulations that were issued in January. These updates offer valuable guidance on how the CFPB will conduct examinations for compliance with the Truth in Lending Act and the Real Estate Settlement Procedures Act.

The updates incorporate the first set of interim TILA exam procedures from June. The CFPB Examination manual now contains updated interim exam procedures for RESPA, covering final rules issued by the CFPB through July 10, procedures for TILA, covering final rules issued by the CFPB through May 29, and the previously released interim exam procedures for the Equal Credit Opportunity Act, covering final rules issued by the CFPB through January 18.

A copy of the RESPA exam procedures released on August 15 can be found at:http://files.consumerfinance.gov/f/201308_cfpb_respa_narrative-exam-procedures.pdf

A copy of the TILA exam procedures released on August 15 can be found at: http://files.consumerfinance.gov/f/201308_cfpb_tila-narrative-exam-procedures.pdf

Article By:

of

Federal Energy Regulatory Commission (FERC) Initial Decision Lowers Return on Equity (ROEs) for New England Transmission Owners

SchiffHardin-logo_4c_LLP_www

On August 6, 2013, FERC Administrative Law Judge Michael J. Cianci issued an initial decision on the complaint filed against the New England Transmission Owners (NETOs) seeking to reduce their currently effective 11.14% base return on equity (ROE) (FERC Docket Nos. EL11-66-000, et al.). Applying FERC’s traditional discounted cash flow (DCF) analysis to financial data largely for the period May 2012 – October 2012, Judge Cianci would require the NETOs to use a 10.6% base ROE to make refunds for transmission service provided between October 1, 2011 and December 31, 2012. Applying the same DCF analysis to financial data largely for the period October 2012 – March 2013, Judge Cianci would allow the NETOs a 9.7% ROE that would apply prospectively once FERC ultimately issues its order in the case (assuming FERC sustains Judge Cianci’s rulings; see PP* 544, 559-560). These rulings undoubtedly are disappointing both to the NETOs, who opposed any reduction in the 11.14% base ROE, and the complainants, who advocated substantially lower ROEs (8.3% to 8.9%) than Judge Cianci would allow.

On the positive side for the NETOs, Judge Cianci found that reducing utility ROEs below 10% for a prolonged period could be harmful to the industry (P 576). He also resolved virtually all conventional DCF methodological issues in the NETOs’ favor and his 10.6% and 9.7% ROEs were the ROEs developed in the NETOs’ conventional DCF analysis (PP 551, 552, 557). This would suggest that the 10.6% and 9.7% ROEs represent the maximum possible ROEs given the financial market data and the constraints of FERC precedent.

Judge Cianci expressly declined to rule on an issue that was hotly contested by both the NETOs and the complainants. The issue is whether post-2007 financial market conditions cause the DCF method to understate ROE costs and require modification of FERC’s conventional DCF analysis by use of alternative ROE methodologies (e.g., CAPM) to determine the NETOs’ actual common equity costs. A related issue, also hotly disputed by the parties, is whether the billions of dollars of required new transmission investment should also impact the ROE calculus.

The NETOs and the complainants are free to dispute all aspects of Judge Cianci’s decision through the FERC appeal process. The initial appellate briefs (known as briefs on exceptions) are due September 20, 2013, and briefs opposing exceptions are due October 24, 2013. The ultimate FERC ruling in this case will clarify and/or modify FERC’s ROE policy and is likely to be of extreme importance not only to the NETOs and their customers but to all utilities who charge or pay FERC jurisdictional transmission rates.

Two elements of Judge Cianci’s decision merit additional comment.

First, his decision concerned the NETOs collectively with the result that the ROE benchmark was the so-called “mid-point” of the zone of reasonableness (the mid-point is the average of the highest and lowest returns within the zone). The benchmark for an individual utility would be the “median” (the median is the point within the zone of reasonableness where half the returns are higher and half the returns are lower). Under current conditions, the median would be somewhat lower than the midpoint. Thus, other things being equal (they never are), a hypothetical Judge Cianci decision in an individual utility rate case would result in somewhat lower ROEs.

Second, due to the statutory fifteen-month limitation on retroactive refunds, the NETOs will not be required to make Docket No. EL11-66-000 refunds for the period between January 1, 2013 and the issuance date of the final FERC order. However, FERC has not yet acted on a second ROE complaint currently pending against the NETOs (Docket No. EL13-33-000). Although FERC would need to make new ROE findings in the new docket, this second complaint could close the Docket No. EL11-66-000 gap, and expose the NETOs to “back-to-back” ROE refunds for a 15-month period beginning January 1, 2013.

The initial decision is available here.

* “P” refers to the relevant numbered paragraph in the initial decision.

Article By:

 of

A Review of Centers for Medicare & Medicaid Services' (CMS) Approach to $125 Million Recoupment of Payments to Providers for Services to Incarcerated / Unlawfully Present Beneficiaries

Sheppard Mullin 2012

CMS seeks to recover from providers $125 million in alleged overpayments for services to beneficiaries who are belatedly identified as ineligible (incarcerated/unlawfully present). This post examines the recovery process CMS has put in place, noting CMS procedural shortcomings and reviewing some substantive defenses available to providers facing such demands.

In January 2013, CMS’ Office of Investigator General released two parallel reports, criticizing CMS for making improper payments to providers for services rendered to beneficiaries who, according to updated Social Security Administration records, were either incarcerated or unlawfully present in the United States at the time of such service.[1]

OIG concluded that between 2010-2012, CMS made more than $125 million in improper payments to providers (including hospitals, outpatient facilities, physicians, skilled nurses, DME suppliers, home health, and hospice). OIG recommended that CMS take steps to recover such funds and avoid such payments in future.

In response, CMS noted that it already had in place a system that checks, at the time a claim is submitted, the eligibility status of each beneficiary. If data indicates that a patient is not eligible, the claim is rejected. As a result, all overpayments identified by OIG resulted from changes to SSA data after claims were processed.

Apparently anticipating these OIG reports, in November 2012, CMS published two change requests[2] to implement an Informational Unsolicited Response Process (IUR). Through an IUR, the Common Working File system would automatically flag and report to the MACs any previously paid claims where subsequent data updates indicated that the beneficiary was not eligible at time of service due to incarceration or unlawfully present status. In Spring 2013, CMS began implementing the incarcerated patient IUR.

Although CMS has Regional Audit Contractors (RACs) in place to perform post payment technical bill review, CMS has bypassed the RAC process; instead, using the IUR, CMS has instructed the MACs to “initiate recoupment procedures” upon receipt of an IUR to recover these funds. MACs, acting upon this instruction, immediately initiated recoupment through remittance advice[3] based simply upon the subsequent SSA data change. By acting in this way, CMS:

Failed to provide any explanation of the reason for the overpayment redetermination;
Failed to provide the required 15 day opportunity for rebuttal;
Failed to defer recoupment pending the 15 day rebuttal period and through reconsideration;
Failed to address whether provider liability should be waived under section 1870 of the Social Security Act (no fault waiver); and
Failed to advise providers of their appeal rights.[4]

Providers reacted with surprise, placing many calls to the MACs and SSA (to address mistakes in data). In many cases, SSA data indicating incarceration of a patient was simply erroneous; even if valid, it appears that, like CMS, provider were generally unaware of ineligibility at the time of service.

CMS initially took the position that notice letters were not required and there would be no appeal rights; CMS at first indicated that any erroneous findings would be addressed by “data revisions” (presumably through a discretionary reopening by the MAC).

CMS has modified some of its positions based upon provider objection.

In recent FAQs,[5] CMS now concedes that providers do have appeal rights.

But CMS says most errors won’t be fixed until October 2013.

Critically, CMS has not yet addressed its failure to give providers proper notice, explanation of findings, rebuttal rights, its failure to consider no fault waiver. CMS also has so far failed to honor the post payment restrictions on recoupment pending rebuttal and appeal.

The SSA database is not perfect. In one case, a hospice was put on recoupment for months of service to a female beneficiary in 2010-2011 who was mistakenly identified in the SSA database with an unrelated incarcerated male patient. Notice and thoughtful consideration of rebuttal evidence would have prevented this error.

Perhaps more importantly for the general provider community, at the time each provider filed claims for services previously rendered, SSA data showed that the patient was eligible (or the claim would not have been paid). This fact presents a strong case for waiver of provider overpayment liability under the no fault provisions of section 1870 of the Social Security Act.

[1]http://oig.hhs.gov/oas/reports/region7/70203008.htm and https://oig.hhs.gov/oas/reports/region7/71201116.asp

[2] CR 8007 and CR 8009; eg: http://www.cms.gov/Regulations-and-Guidance/Guidance/Transmittals/Downloads/R1134OTN.pdf

[3] Incarcerated Patient shows ANSI Code 81G.

[4] Key Authorities Include: 42 USC §§ 1395ff, 1395gg, 1395ddd(f); 42 CFR §§ 405.373, 405.379, 405.982; and the Medicare Financial Management Manual, Ch. 34, § 90.

[5] http://www.cms.gov/Medicare/Medicare-Contracting/FFSProvCustSvcGen/Downloads/Incarcerated-Beneficiary-FAQs-8-1-13.pdf

Article By:

 of

First Post-Supreme Court Defense of Marriage Act (DOMA) Case Rules in Favor of Same-Sex Spouse

SchiffHardin-logo_4c_LLP_www

In one of the first post-Supreme Court DOMA cases, the Eastern District of Pennsylvania, applying Illinois state law, held that the surviving same-sex spouse of a deceased participant in an employer sponsored pension plan was entitled to the spousal death benefit offered under the plan. See Cozen O’Connor, P.C. v. Tobits, Civil Action No. 11-0045; 2013 WL 3878688 (E.D. Pa., July 29, 2013).

This case is significant because it is the first case after the Supreme Court’s June 26, 2013 decision in United States v. Windsor, 133 S. Ct. 2675 (2013) to grapple with choice of law in determining whether a marriage is valid for purposes of obtaining spousal benefits under an ERISA-covered plan. While Windsor ruled that Section 3 of DOMA defining marriage only as between persons of the opposite sex unconstitutional for purposes of applying federal law, it did not address or invalidate Section 2, which permits states to decline to recognize same-sex marriages performed in other states.

Case Background

In 2006, Sarah Farley and Jean Tobits were married in Canada. Shortly after they were married, Ms. Farley was diagnosed with cancer, and she died in 2010. At the time of her death, Ms. Farley was employed by the law firm of Cozen O’Connor and a participant in the firm’s profit sharing plan (the Plan). The Plan provided that a participant’s surviving spouse would receive a death benefit if the participant died before the participant’s retirement date. If the participant was not married or the participant’s spouse waived his or her right to the death benefit, the participant’s designated beneficiary would be entitled to the death benefits. The Plan defined “Spouse” as “the person to whom the Participant has been married throughout the one-year period ending on the earlier of (1) the Participant’s annuity starting date or (2) the date of the Participant’s death.”

Ms. Farley’s parents and Ms. Tobits both claimed a right to the Plan’s death benefits. Ms. Farley’s parents claimed that they had been designated as the beneficiaries, but it was undisputed that Ms. Tobits had not waived her rights to the death benefits. Cozen O’Connor filed an interpleader action in the Eastern District of Pennsylvania asking the court to determine who was entitled to the benefits. Therefore, the case focused on whether Ms. Tobits qualified as a “Spouse” under the Plan and thus was entitled to the death benefits.

The Court’s Ruling

The court noted that Windsor “makes clear that where a state has recognized a marriage as valid, the United States Constitution requires that the federal laws and regulations of this country acknowledge that marriage” irrespective of whether the marriage is between a same-sex couple or a heterosexual couple. With Windsor’s emphasis on states’ rights to define marriage, lower courts are left with the complicated task of deciding which state law applies when determining whether a same-sex spouse is entitled to benefits under federal law in those instances, as in Cozen, where multiple jurisdictions with different laws on same-sex marriage are implicated.

Apparently, because Cozen O’Connor is headquartered in Pennsylvania, the Plan is administered there, and the Plan’s choice of law provision references Pennsylvania law, the Farleys asked the court to apply Pennsylvania state law to determine the validity of the marriage. Pennsylvania’s mini-DOMA statute expressly defines marriage as between a man and a woman. The court concluded that ERISA preempted Pennsylvania law. It reasoned that if courts were required to look at the state in which the plans were drafted, plan administrators might be encouraged to forum shop for states with mini-DOMA laws to avoid paying benefits to same-sex couples. The court thought this kind of forum shopping would upset ERISA’s principle of maintaining national uniformity among benefit plans. Without further analysis, the court concluded Pennsylvania state law was not an option for determining Ms. Tobits’ status as a spouse within the meaning of the Plan.

Instead, the court applied Illinois law, the state where Ms. Farley and Ms. Tobits had jointly resided until Ms. Farley’s death. It was undisputed that Ms. Farley and Ms. Tobits had a valid Canadian marriage certificate. The court concluded that the marriage was valid in Illinois and that Ms. Tobits was Ms. Farley’s spouse within the Plan’s definition. Accordingly, the court held that Ms. Tobits was entitled to the Plan’s death benefit. Although not entirely clear, the court presumably came to this conclusion based on Illinois’ civil union statute (even though it was enacted after Ms. Farley’s death). The statute provides that (i) same-sex marriages and civil unions legally entered into in other jurisdictions will be recognized in Illinois as civil unions and (ii) persons entering into civil unions will be afforded the benefits recognized by Illinois law to spouses. See 750 Ill. Comp. Stat. An. 75/5 and 75/60 (West 2011).

Impact of Cozen on ERISA Benefit Plans

Cozen is the first ruling in the wake of Windsor to address which state law might apply when there are conflicting state laws as to whether a valid marriage is recognized for the purpose of being a “spouse,” and therefore whether the spouse is entitled to benefits under an ERISA-covered plan. In Cozen, Ms. Farley and Ms. Tobits were lawfully married in Canada, and the court ruled that Illinois’s civil union law recognizes lawful marriages performed in other jurisdictions. The court applied the law of the domicile state to support its holding that Ms. Tobits was a surviving spouse entitled to the Plan’s death benefit.

The Cozen decision may have little value outside of cases where a valid same-sex marriage is performed in one state (the “state of celebration”) and the state where the couple is domiciled recognizes same-sex marriages. In other situations, faced with a choice of law where the law of the state of domicile conflicts with the law of the state of celebration, the outcome could be different, because Section 2 of DOMA survives after the Windsor decision. Unless the federal government creates a uniform method of determining the choice of law question, ERISA cases raising benefit entitlement questions in the context of same-sex marriages are likely to continue to complicate plan administration, and ERISA’s goal of maintaining national uniformity in the administration of benefits will remain elusive.

Article By:

 of

US Government Accountability Office (GAO) Advocates for Increased Attention on Adapting to the Effects of Climate Change

Beveridge Diamond Logo

The US Government Accountability Office (GAO), the federal government’s non-partisan internal auditor, has jumped into the climate change fray, arguing that the federal government must improve how it is addressing the effects of climate change, in addition to and irrespective of any actions taken to prevent or reverse it. In two reports issued earlier this year, the GAO describes shortcomings in federal efforts to address the “significant financial risks” from climate change and recommends both macro and micro level changes to address these risks.

The first of the two reports is the biennial update to GAO’s list of federal programs and operations at “high risk” for waste, fraud, abuse, and mismanagement or needing broad-based transformation (High Risk List).[1] The High Risk List was originally compiled in 1990 and is released at the start of each new Congress to help in setting oversight agendas. An issue is added to the High Risk List if it meets the following four criteria:

  • the issue is of national significance;
  • it is key to government performance and accountability;
  • the associated risk involves public health or safety, service delivery, national security, national defense, economic growth, or privacy or citizens’ rights; and
  • the issue could result in significant impaired service, program failure, injury or loss of life, or significantly reduced economy, efficiency, or effectiveness.

The 2013 High Risk List adds climate change to the list of now 30 issues that meet these “high risk” criteria.[2] According to the GAO, the federal government allocates greater sums of money each year to climate change adaptation activities, but it is “not well organized to address the fiscal exposure presented by climate change, partly because of the inherently complicated, crosscutting nature of the issue.” In particular, the GAO is concerned that the federal government is exposed to “significant financial risks” from climate change: (1) as a property owner of extensive infrastructure; (2) as an insurer through the National Flood Insurance Program; (3) as an investor in infrastructure projects that state and local governments prioritize and supervise; and (4) as a provider of emergency aid in response to natural disasters.

In determining the scope of its policy recommendations, the GAO considered whether to focus on responses to prevent or reverse climate change or responses to adapt to the effects of climate change. In choosing to focus on adaptation strategies, GAO cites research from the National Research Council (NRC) and the United States Global Change Research Program (USGCRP) concluding that greenhouse gases already in the atmosphere will irrevocably alter the climate system for many decades.[3] The resulting policy recommendations advocate for key entities within the Executive Office of the President, including the Council on Environmental Quality (CEQ) and the Office of Science and Technology Policy, in consultation with federal, state, and local stakeholders, to develop “a government-wide strategic approach with strong leadership and the authority to manage climate change risks that encompasses the entire range of related federal activities and addresses all key elements of strategic planning.” The GAO anticipates that this centralized approach will increase efficiencies in these efforts and take advantage of economies of scale. Private entities that operate in the infrastructure sector, and in related industries, should monitor the executive and legislative responses to these broad-based recommendations.

The second report centers on one of the areas of concern from the climate change addition to the High Risk List — the federal government’s role in supporting state and local governments in their efforts to strengthen infrastructure vulnerable to the effects of climate change.[4] In it, the GAO examines (1) the impacts of climate change on infrastructure; (2) the extent to which climate change is incorporated into infrastructure planning; (3) factors that enabled some decision makers to implement adaptive measures; and (4) federal efforts to address local adaptation needs, as well as potential opportunities for improvement. Similar to the recommendations made in the climate change portion of the High Risk List, GAO advocates for a centralized system of information and data, as well as streamlined access to that data for local infrastructure decision makers, as one of the primary means to increasing and improving climate-related adaptions in infrastructure planning. Of the specific projects that GAO studied in order to prepare the report, those that had easy access to climate data and expertise to help interpret that data were more likely to incorporate adaptions to address the effects of climate change into their plans.

Furthermore, the GAO specifically recommends that CEQ finalize its 2010 guidance on how federal agencies should consider the effects of climate change in their evaluations of proposed federal actions under the National Environmental Policy Act (NEPA). Until the guidance is final, it is “unclear how, if at all, agencies are to consistently consider climate change in the NEPA process, creating the potential for inconsistent consideration of the effects of climate change in the NEPA process across the federal government.”[5] Therefore, entities involved in projects that fall under NEPA’s purview should monitor CEQ’s activities on this issue and consider submitting comments on any resulting guidance or regulation.

[1] GAO, High-Risk Series: An Update, Report No. GAO-13-283 (Feb. 2013)

[2] Id. at 61-76 (“Limiting the Federal Government’s Fiscal Exposure by Better Managing Climate Change Risks”).

[3] Id. at 63 (“[L]imiting the federal government’s fiscal exposure to climate change risks will present a challenge no matter the outcome of domestic and international efforts to reduce emissions”).

[4] GAO, Climate Change: Future Federal Adaptation Efforts Could Better Support Local Infrastructure Decision Makers, Report No. GAO-13-242 (Apr. 2013).

[5] Id. at 87. 

Article By:

 of

U.S. Medical Oncology Practice Sentenced for Use and Medicare Billing of Cancer Drugs Intended for Foreign Markets

GT Law

In a June 28, 2013 news release by the Office of the United States Attorney for the Southern District of Californiain San Diego, it was reported that a La Jolla, California medical oncology practice pleaded guilty and was sentenced to pay a $500,000 fine, forfeit $1.2 million in gross proceeds received from the Medicare program, and make restitution to Medicare in the amount of $1.7 million for purchasing unapproved foreign cancer drugs and billing the Medicare program as if the drugs were legitimate. Although the drugs contained the same active ingredients as drugs sold in the U.S. under the brand names Abraxane®, Alimta®, Aloxi®, Boniva®, Eloxatin®, Gemzar®, Neulasta®, Rituxan®, Taxotere®, Venofer® and Zometa®), the drugs purchased by the corporation were meant for markets outside the United States, and were not drugs approved by the FDA for use in the United States. Medicare provides reimbursement only for drugs approved by the Food and Drug Administration (FDA) for use in the United States. To conceal the scheme, the oncology practice fraudulently used and billed the Medicare program using reimbursement codes for FDA approved cancer drugs.

In pleading guilty, the practice admitted that from 2007 to 2011 it had purchased $3.4 million of foreign cancer drugs, knowing they had not been approved by the U.S. Food and Drug Administration for use in the United States. The practice admitted that it was aware that the drugs were intended for markets other than the United States and were not the drugs approved by the FDA for use in the United States because: (a) the packaging and shipping documents indicated that drugs were shipped to the office from outside the United States; (b) many of the invoices identified the origin of the drugs and intended markets for the drugs as countries other than the United States; (c) the labels did not bear the “Rx Only” language required by the FDA; (d) the labels did not bear the National Drug Code (NDC) numbers found on the versions of the drugs intended for the U.S. market; (e) many of the labels had information in foreign languages; (f) the drugs were purchased at a substantial discount; (g) the packing slips indicated that the drugs came from the United Kingdom; and (h) in October, 2008 the practice had received a notice from the FDA that a shipment of drugs had been detained because the drugs were unapproved.

In a related False Claims Act lawsuit filed by the United States, the physician and his medical practice corporation paid in excess of $2.2 million to settle allegations that they submitted false claims to the Medicare program. The corporation was allowed to apply that sum toward the amount owed in the criminal restitution to Medicare. The physician pleaded guilty to a misdemeanor charge of introducing unapproved drugs into interstate commerce, admitting that on July 8, 2010, he purchased the prescription drug MabThera (intended for market in Turkey and shipped from a source in Canada) and administered it to patients. Rituxan®, a product with the same active ingredient, is approved by the Food and Drug Administration for use in the United States.

Article By:

 of

Amendments to SEC Rules Regarding Broker Dealer Financial Responsibility and Reporting Requirements

Katten Muchin

The Securities and Exchange Commission adopted amendments to the financial responsibility requirements for broker dealers under the Securities Exchange Act of 1934 (Exchange Act) designed to safeguard customer securities and funds held by broker dealers. Such requirements include Exchange Act Rule 15c3-1 (Net Capital Rule), Rule 15c3-3 (Customer Protection Rule), Rules 17a-3 and 17a-4 (together, Books and Records Rules) and Rule 17a-11 (Notification Rule, and together with the Net Capital Rule, the Customer Protection Rule and the Books and Records Rules, the Financial Responsibility Rules).

The SEC amended the Customer Protection Rule to: (1) require “carrying broker dealers” that maintain customer securities and funds to maintain new segregated reserve accounts for account holders that are broker dealers; (2) place certain restrictions on cash bank deposits for purposes of the requirement to maintain a reserve to protect customer cash, by excluding cash deposits held at affiliated banks and limiting cash held at non-affiliated banks to an amount no greater than 15 percent of the bank’s equity capital, as reported by the bank in its most recent call report; and (3) establish customer disclosure, notice and affirmative consent requirements (for new accounts) for programs where customer cash in a securities account is “swept” to a money market or bank deposit product.

The SEC amended the Net Capital Rule to: (1) require a broker dealer when calculating net capital to include any liabilities that are assumed by a third party if the broker dealer cannot demonstrate that the third party has the resources to pay the liabilities; (2) require a broker dealer to treat as a liability any capital that is contributed under an agreement giving the investor the option to withdraw it; (3) require a broker dealer to treat as a liability any capital contribution that is withdrawn within a year of its contribution unless the broker dealer receives permission for the withdrawal in writing from its designated examining authority; (4) require a broker dealer to deduct from net capital (with regard to fidelity bonding requirements prescribed by a broker dealer’s self-regulatory organization (SRO)) the excess of any deductible amount over the amount permitted by the SRO’s rules; and (5) clarify that any broker dealer that becomes “insolvent” is required to cease conducting a securities business.

The SEC amended the Books and Records Rules to require large broker dealers (i.e., at least $1,000,000 in aggregate credits or $20,000,000 in capital) to document their market, credit and liquidity risk management controls. Under the amended Notification Rule there are new notification requirements for when a broker dealer’s repurchase and securities lending activities exceed 2,500 percent of tentative net capital (or, alternatively, a broker dealer may report monthly its stock loan and repurchase activity to its designated examining authority, in a form acceptable to such authority). In addition, the amended Notification Rule requires insolvent broker dealers to provide notice to regulatory authorities.

In a separate release, the SEC also amended Exchange Act Rule 17a-5 (Reporting Rule). Under the amended Reporting Rule, a broker dealer that has custody of the customers’ assets must file a “compliance report” with the SEC to verify that it is adhering to broker dealer capital requirements, protecting customer assets it holds and periodically sending account statements to customers. The broker dealer also must engage a Public Company Accounting Oversight Board (PCAOB)-registered independent public accountant to prepare a report based on an examination of certain statements in the broker dealer’s compliance report. A broker dealer that does not have custody of its customers’ assets must file an “exemption report” with the SEC citing its exemption from requirements applicable to carrying broker dealers. The broker dealer also must engage a PCAOB-registered independent public accountant to prepare a report based on a review of certain statements in the broker dealer’s exemption report. A broker dealer that is a member of the Securities Investor Protection Corporation (SIPC) also must file its annual reports with SIPC.

The rule amendments also require a broker dealer to file a new quarterly report, called Form Custody, that contains information about whether and how it maintains custody of its customers’ securities and cash. The SEC intends that examiners will use Form Custody as a starting point to focus their custody examinations. In addition, a broker dealer, regardless of whether it has custody of its clients’ assets, must agree to allow SEC or SRO staff to review the work papers of the independent public accountant if it is requested in writing for purposes of an examination of the broker dealer and must allow the accountant to discuss its findings with the examiners.

The effective date for the amendments to the Financial Responsibility Rules is 60 days after publication in the Federal Register. The effective date for the requirement to file Form Custody and the requirement to file annual reports with SIPC is Dec. 31, 2013. The effective date for the requirements relating to broker dealer annual reports is June 1, 2014.

Click here to read SEC Release No. 34-70072 (Financial Responsibility Rules for Broker Dealers).

Click here to read SEC Release No. 34-70073 (Broker Dealer Reports).

 of

Resale Price Maintenance in China: Enforcement Authorities Imposing Large Fines for Anti-Monopoly Law Violations

McDermottLogo_2c_rgb

Recently Shanghai High People’s Court reached a decision in the first lawsuit involving resale price maintenance (RPM) since China’s Anti-Monopoly Law (AML) came into effect five years ago.  Shortly thereafter, a key enforcement agency announced RPM-related fines against six milk powder companies, five of which are non-Chinese.  Both cases clearly show that RPM can be a violation of the AML, and that RPM is currently under much greater scrutiny by enforcement authorities.  It would be prudent for all foreign corporations active in China’s consumer markets to take heed of these changes in China and conduct an immediate review of any potential RPM violations.

On 1 August 2013 the Shanghai High People’s Court reached a decision in the first anti-monopoly lawsuit involving resale price maintenance (RPM) since China’s Anti-Monopoly Law (AML) came into effect in August 2008.  In addition to this judicial decision, on 7 August 2013 one of the key agencies in charge of enforcing the AML, the National Development and Reform Commission (NDRC), announced RPM-related fines of USD 109 million against six milk powder companies, five of which are non-Chinese.  Both the High People’s Court and the NDRC have been striving to clarify how they will treat RPM, and specifically have focused on the issue of whether RPM should be treated as a per se violation or should be evaluated according to a “rule of reason” analysis.

Judicial Decisions in Civil Lawsuits

According to the recent decision by the Shanghai High People’s Court, in order to hold that an RPM provision is a monopoly agreement, the court must find that the RPM provision has restricted or eliminated competition.  Furthermore, the burden of proof will be on the plaintiff to show a restriction or elimination of competition arising out of the RPM.  The High People’s Court explicitly stated that this burden is the opposite from the burden of proof for horizontal monopolies, such as a cartel, in which case the burden of proof falls on the defendant to show that the agreement does not have any effect of eliminating or restricting competition.  This burden for horizontal monopolies has been further examined and confirmed by the “Judicial Interpretation of Anti-Monopoly Disputes” that was issued by China’s Supreme People’s Court on 1 June 2012.

Administrative Decisions in Enforcement Actions—Liquor and Infant Milk Formula

There have been several key RPM enforcement actions in 2013.  In February, the NDRC imposed a fine of USD 80 million on the famous Chinese liquor brands Maotai and Wuliangye for requiring distributors to resell the products above a certain price, which is common in some sectors in China.  On 2 July, according to the Price Supervision and Anti-Monopoly Bureau of the NDRC, six milk powder companies came under investigation for RPM violations of the AML.  According to the NDRC’s statements on the case, “from the evidence obtained, the milk powder companies under investigation instituted price controls over distributors and retailers, which excluded and limited market competition and therefore are alleged to have violated the Anti-Monopoly Law”.  The NDRC later announced record fines in that case of USD 109 million, which were the equivalent of between 3 per cent and 6 per cent of the companies’ revenue in 2012.

According to media reports, in the Maotai and Wuliangye cases, the NDRC provided clear indications about some of the factors that it will consider when determining whether the RPM has “eliminated or restricted competition”.   Specifically, when assessing the relevant market and market power of the two companies, the NDRC analysed the market structure and the role played by the two companies in the liquor industry, as well as the degree to which the products are substitutable with similar products and the loyalty of consumers towards the two liquors.  Based on this analysis, the NDRC concluded that the RPM provisions in the agreements with distributors of the two liquor giants eliminated and restricted competition, and thus were vertical “monopoly agreements”.

According to recent media reports, the NDRC has indicated it will “severely crack down” on and sanction vertical monopoly agreements such as RPM if they are maintained by business operators dominant in the market.  If business operators are not dominant, the NDRC reportedly indicated that it would still investigate all vertical monopoly conduct and determine if there has been any elimination or restriction of competition.

Conclusions

These civil lawsuits and administrative cases clearly show that RPM can be a violation of the AML and that RPM is currently under much greater scrutiny by enforcement authorities.  If RPM is an issue in civil lawsuits, a plaintiff will have to prove that RPM eliminates or restricts competition.  However, there are some indications that this burden of proof may be easily met.  In administrative cases, the NDRC will have to be satisfied that it has sufficient proof to show there is an elimination or restriction of competition.  However, it is unclear what level of evidence would be required to show such a restriction and it may not be a very high level, especially if the accused business operator is dominant in the market.

RPM has been a common feature of distribution agreements and other contracts in many sectors in China.  However, the recent cases clearly show there is a serious compliance risk if RPM continues to be part of a corporation’s normal practices.  This is particularly true for business operators that have a dominant market position or a group of business operators that are regarded as jointly dominant under the AML (in China, in certain circumstances, dominance is presumed with a market share as low as 10 per cent).  Unless the RPM conduct clearly falls within an exception in Article 15 of the AML, a company using RPM may face serious fines and confiscation of illegal gains.  It would be prudent for all foreign corporations active in China’s consumer markets to take heed of these changes to the enforcement priorities of the competition/antitrust authorities in China and conduct an immediate review of any potential RPM violations.

Alex An and Jared Nelson also contributed to this article.

Article By:

 of