Federal Jury Finds Takeda Pharmaceuticals Destroyed Documents: Awards Plaintiffs $6 Billion in Punitive Damages

Earlier this week, Takeda Pharmaceutical Co. was ordered to pay $6 billion in punitive damages by a jury in Lafayette, Louisiana. Eli Lilly, Takeda’s co-promotion partner, was ordered to pay an additional $3 billion. The jury found that Takeda hid the risks that Actos, its multibillion dollar diabetes medicine, put patients at a higher risk of bladder cancer. A $1.475 million compensatory award also was granted in addition to the combined $9 billion in punitive damages.

In January, Judge Rebecca Doherty ruled that Takeda acted in “bad faith” and destroyed documents that showed Takeda knew Actos could increase the risk of bladder cancer in patients. Despite a litigation hold issued in 2002 that required retention of all documents and electronic data related to Actos, the court found that documents were destroyed as late as 2011. As a penalty for failing to preserve documents in accordance with the litigation hold, Judge Doherty instructed the jurors that they could infer the destroyed evidence supported the plaintiff’s claims.

Continue reading

Leave a comment

Filed under Litigation

HHS Releases Security Risk Assessment Tool for Small Provider Groups

The U.S. Department of Health and Human Services (“HHS”), in collaboration with the Office of the National Coordinator for Health Information Technology (“ONC”), recently developed a tool to assist certain health care providers with conducting security risk assessments (the “SRA Tool”) as required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  The HIPAA Security Rule requires all Covered Entities and Business Associates to assess potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic Protected Health Information (“ePHI”) accurately and thoroughly.  The SRA Tool was created to assist certain entities with the assessment process and also to facilitate the creation of documentation that may be useful in the event of an audit.

Continue reading

Leave a comment

Filed under DHHS OIG, Electronic Medical Records, Health Information Privacy, Health IT, HIPAA, Privacy and Security

CMS Announces Webinars for HCPs Interested in Sunshine Reporting

The Centers for Medicare & Medicaid Services (CMS) announced today that it will be conducting a series of teleconferences intended for medical society and association staff, physicians, practitioners, and practice managers interested in learning more about the federal Sunshine law and Open Payments program.  This announcement comes as applicable manufacturers and group purchasing organizations near the completion of Phase I reporting by March 31, 2014.  Topics will include an overview of the Final Rule, information on the role of health care professionals (HCPs) in the Open Payments program, resources available to HCPs, and key program dates, followed by a question and answer session.  The teleconferences will be conducted at the following times:

  • HCPs in CMS Regions 1, 2, 3, 4: Tuesday, April 15, 2014, 1:00 – 2:00 PM Eastern
  • HCPs in CMS Regions 5, 6, 7, 8: Wednesday, April 16, 2014, 12:00 – 1:00 PM Central
  • HCPs in CMS Regions 9 and 10: Tuesday, April 22, 2014, 11:00 AM – 12:00 PM Pacific

Leave a comment

Filed under Federal Transparency

$4.1 Million Settlement Approved in Stanford Data Breach Action

Last week, Los Angeles County Superior Court Judge Elihu Berle tentatively approved a $4.1 million settlement of a class action claim that Stanford Hospital & Clinics violated the California Confidentiality of Medical Information Act when the medical information of about 20,000 emergency room patients was posted online for nearly a year from 2010 until 2011.

Continue reading

Leave a comment

Filed under Health Information Privacy, Health IT, Privacy and Security


Litigation Round-up


BioScrip agreed to pay $15 million to settle a False Claims Act (FCA) suit alleging that it received kickbacks from Novartis Pharmaceuticals related to its distribution of Exjade through its legacy specialty pharmacy operations.  The Department of Justice (DOJ) alleged that Novartis directed BioScrip to increase patient refills on Exjade and, over the next several years as BioScrip increased its Exjade refill levels, Novartis in turn granted it higher rebates for each Exjade shipment and referred a greater percentage of undesignated patients from the Exjade Patient Assistance and Support Services Network.  The government’s investigation of Novartis continues (see “Investigations” below).

Continue reading

1 Comment

Filed under Government Enforcement

FDA Enforcement of Pharmaceutical Websites Continues

The Food and Drug Administration’s (FDA) Office of Prescription Drug Promotion (OPDP) recently posted an untitled letter to Institut Biochimique SA (IBSA) and Akrimax Pharmaceuticals, LLC (Akrimax), the U.S. agent for Tirosint. The OPDP raised concerns regarding IBSA’s Facebook page for Tirosint because it failed to provide any risk information regarding its use, even though Tirosint is associated with a number of serious risks, including a Boxed Warning related to the use of the product for the treatment of obesity or weight loss.  According to the OPDP, “[b]y omitting the most serious and frequently occurring risks associated with Tirosint, the Facebook webpage misleadingly suggests that Tirosint is safer than has been demonstrated.”  The Facebook page also omitted material information regarding Tirosint’s FDA-approved indication.

Continue reading

Leave a comment

Filed under FDA Enforcement

County Pays $215,000 to Resolve Alleged HIPAA Non-Compliance

On March 7, 2014, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that Skagit County, Washington, has agreed to pay $215,000 and enter into a three year corrective action plan in order to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  In 2011, Skagit County reported to OCR the potential Breach of seven individuals’ Protected Health Information (“PHI”).  Upon investigation, OCR found that Skagit County had actually made the PHI of over 1,500 individuals publicly available on-line for two weeks.  OCR’s investigation also revealed Skagit County’s “general and widespread non-compliance…with the HIPAA Privacy, Security, and Breach Notification Rules.”  This settlement is notable largely because it is the first between OCR and a county government related to alleged HIPAA violations. Continue reading

Leave a comment

Filed under Cooley Trackers, Government Enforcement, Health Information Privacy, Health IT, HIPAA, HITECH Act, Privacy and Security