Earlier this week, Takeda Pharmaceutical Co. was ordered to pay $6 billion in punitive damages by a jury in Lafayette, Louisiana. Eli Lilly, Takeda’s co-promotion partner, was ordered to pay an additional $3 billion. The jury found that Takeda hid the risks that Actos, its multibillion dollar diabetes medicine, put patients at a higher risk of bladder cancer. A $1.475 million compensatory award also was granted in addition to the combined $9 billion in punitive damages.
In January, Judge Rebecca Doherty ruled that Takeda acted in “bad faith” and destroyed documents that showed Takeda knew Actos could increase the risk of bladder cancer in patients. Despite a litigation hold issued in 2002 that required retention of all documents and electronic data related to Actos, the court found that documents were destroyed as late as 2011. As a penalty for failing to preserve documents in accordance with the litigation hold, Judge Doherty instructed the jurors that they could infer the destroyed evidence supported the plaintiff’s claims.
The U.S. Department of Health and Human Services (“HHS”), in collaboration with the Office of the National Coordinator for Health Information Technology (“ONC”), recently developed a tool to assist certain health care providers with conducting security risk assessments (the “SRA Tool”) as required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The HIPAA Security Rule requires all Covered Entities and Business Associates to assess potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic Protected Health Information (“ePHI”) accurately and thoroughly. The SRA Tool was created to assist certain entities with the assessment process and also to facilitate the creation of documentation that may be useful in the event of an audit.
The Centers for Medicare & Medicaid Services (CMS) announced today that it will be conducting a series of teleconferences intended for medical society and association staff, physicians, practitioners, and practice managers interested in learning more about the federal Sunshine law and Open Payments program. This announcement comes as applicable manufacturers and group purchasing organizations near the completion of Phase I reporting by March 31, 2014. Topics will include an overview of the Final Rule, information on the role of health care professionals (HCPs) in the Open Payments program, resources available to HCPs, and key program dates, followed by a question and answer session. The teleconferences will be conducted at the following times:
- HCPs in CMS Regions 1, 2, 3, 4: Tuesday, April 15, 2014, 1:00 – 2:00 PM Eastern
- HCPs in CMS Regions 5, 6, 7, 8: Wednesday, April 16, 2014, 12:00 – 1:00 PM Central
- HCPs in CMS Regions 9 and 10: Tuesday, April 22, 2014, 11:00 AM – 12:00 PM Pacific
Last week, Los Angeles County Superior Court Judge Elihu Berle tentatively approved a $4.1 million settlement of a class action claim that Stanford Hospital & Clinics violated the California Confidentiality of Medical Information Act when the medical information of about 20,000 emergency room patients was posted online for nearly a year from 2010 until 2011.
BioScrip agreed to pay $15 million to settle a False Claims Act (FCA) suit alleging that it received kickbacks from Novartis Pharmaceuticals related to its distribution of Exjade through its legacy specialty pharmacy operations. The Department of Justice (DOJ) alleged that Novartis directed BioScrip to increase patient refills on Exjade and, over the next several years as BioScrip increased its Exjade refill levels, Novartis in turn granted it higher rebates for each Exjade shipment and referred a greater percentage of undesignated patients from the Exjade Patient Assistance and Support Services Network. The government’s investigation of Novartis continues (see “Investigations” below).
On March 7, 2014, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that Skagit County, Washington, has agreed to pay $215,000 and enter into a three year corrective action plan in order to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In 2011, Skagit County reported to OCR the potential Breach of seven individuals’ Protected Health Information (“PHI”). Upon investigation, OCR found that Skagit County had actually made the PHI of over 1,500 individuals publicly available on-line for two weeks. OCR’s investigation also revealed Skagit County’s “general and widespread non-compliance…with the HIPAA Privacy, Security, and Breach Notification Rules.” This settlement is notable largely because it is the first between OCR and a county government related to alleged HIPAA violations. Continue reading