Healthcare Law and Regulation
Healthcare providers and third-party payors play a primary role in the recommendation and prescription of pharmaceutical products that are granted marketing approval. Our current and future arrangements with providers, researchers, consultants, third-party payors and customers are subject to broadly applicable federal and state fraud and abuse, anti-kickback, false claims, transparency and patient privacy laws and regulations and other healthcare laws and regulations that may constrain our business and/or financial arrangements. Restrictions under applicable federal and state healthcare laws and regulations include, without limitation, the following:
- the U.S. federal Anti-Kickback Statute (AKS) prohibits, among other things, persons and entities from knowingly and willfully soliciting, receiving, offering, or paying remuneration, directly or indirectly, in cash or in kind, to induce or reward either the referral of an individual for, or the purchase, order or recommendation of, any good or service, for which payment may be made, in whole or in part, under a federal healthcare program such as Medicare and Medicaid. This statute has been interpreted to apply to arrangements between pharmaceutical manufacturers on the one hand and prescribers, purchasers and formulary managers on the other. A person or entity can be found guilty of violating the AKS without actual knowledge of the statute or specific intent to violate it. In addition, the government may assert that a claim including items or services resulting from a violation of the AKS constitutes a false or fraudulent claim for purposes of the federal False Claims Act or federal civil money penalties statute. Violations of the AKS carry potentially significant civil and criminal penalties, including imprisonment, fines, administrative civil monetary penalties, and exclusion from participation in federal healthcare programs. On December 2, 2020, the Office of Inspector General (OIG) published further modifications to the AKS. Under the final rules, OIG added safe harbor protections under the AKS for certain coordinated care and value-based arrangements among clinicians, providers, and others. This rule (with exceptions) became effective January 19, 2021. We continue to evaluate what effect, if any, the rule will have on our business;
- the U.S. federal false claims and civil monetary penalties laws, including the civil False Claims Act and federal civil monetary penalty laws, which, among other things, impose criminal and civil penalties, including through civil whistleblower or qui tam actions, against individuals or entities for knowingly presenting, or causing to be presented, to the U.S. federal government, claims for payment or approval that are false or fraudulent, knowingly making, using or causing to be made or used, a false record or statement material to a false or fraudulent claim or obligation to pay or transmit money to the federal government, or from knowingly making a false statement to avoid, decrease or conceal an obligation to pay money to the U.S. federal government. In addition, the government may assert that a claim including items and services resulting from a violation of the AKS constitutes a false or fraudulent claim for purposes of the False Claims Act. Manufacturers can be held liable under the False Claims Act even when they do not submit claims directly to government payors if they are deemed to “cause” the submission of false or fraudulent claims. The False Claims Act also permits a private individual acting as a “whistleblower” to bring qui tam actions on behalf of the federal government alleging violations of the False Claims Act and to share in any monetary recovery. When an entity is determined to have violated the federal civil False Claims Act, the government may impose civil fines and penalties for each false claim, plus treble damages, and exclude the entity from participation in Medicare, Medicaid and other federal healthcare programs;
- the U.S. federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) which imposes criminal and civil liability for, among other things, knowingly and willfully executing, or attempting to execute, a scheme to defraud any healthcare benefit program, or obtaining by means of false or fraudulent pretenses, representations, or promises, any of the money or property owned by, or under the custody or control of, any healthcare benefit program, regardless of the pay (e.g., public or private) or knowingly and willfully falsifying, concealing or covering up a material fact or making any materially false statement, in connection with the delivery of, or payment for, healthcare benefits, items or services relating to healthcare matters; similar to the AKS, a person or entity does not need to have actual knowledge of the statute or specific intent to violate it in order to have committed a violation;
- HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) and its implementing regulations, and as amended again by the Omnibus Rule in 2013, which imposes certain obligations, including mandatory contractual terms, with respect to safeguarding the privacy, security and transmission of individually identifiable health information without appropriate authorization by covered entities subject to the Final HIPAA Omnibus Rule, i.e., certain covered health plans, healthcare clearinghouses and healthcare providers, as well as their business associates, those independent contractors or agents of covered entities that perform certain services for or on their behalf involving the use or disclosure of individually identifiable health information. HITECH also created new tiers of civil monetary penalties, amended HIPAA to make civil and criminal penalties directly applicable to business associates and possibly other persons, and gave state attorneys general new authority to file civil actions for damages or injunctions in federal courts to enforce the federal HIPAA laws and seek attorneys’ fees and costs associated with pursuing federal civil actions;
- the federal transparency requirements known as the federal Physician Payments Sunshine Act, under the Patient Protection and Affordable Care Act, as amended by the Health Care and Education Reconciliation Act of 2010 (collectively, the ACA), which requires certain manufacturers of drugs, devices, biologics and medical supplies to report annually to CMS information related to payments and other transfers of value made by that entity to physicians (currently defined to include doctors, dentists, optometrists, podiatrists and chiropractors), certain non-physician providers such as physician assistants and nurse practitioners and teaching hospitals, as well as ownership and investment interests held by physicians and their immediate family members. Failure to submit required information may result in civil monetary penalties for all payments, transfers of value or ownership or investment interests that are not timely, accurately, and completely reported in an annual submission;
- federal government price reporting laws, which require us to calculate and report complex pricing metrics in an accurate and timely manner to government programs;
- federal consumer protection and unfair competition laws, which broadly regulate marketplace activities and activities that potentially harm consumers;
- analogous state laws and regulations, including: state anti-kickback and false claims laws, which may apply to our business practices, including, but not limited to, research, distribution, sales and marketing arrangements and claims involving healthcare items or services reimbursed by any third party payor, including commercial insurers; state laws that require pharmaceutical companies to comply with the pharmaceutical industry’s voluntary compliance guidelines and the relevant compliance guidance promulgated by the U.S. federal government, or otherwise restrict payments that may be made to healthcare providers and other potential referral sources; state and local laws that require the licensure of sales representatives; state laws that require drug manufacturers to report information related to payments and other transfers of value to physicians and other healthcare providers or marketing expenditures and pricing information; state laws governing the privacy and security of health information in certain circumstances, many of which differ from each other in significant ways and may not have the same effect; and state laws related to insurance fraud in the case of claims involving private insurers; and
- EU, UK and other foreign law equivalents, including reporting requirements detailing interactions with and payments to healthcare providers and data privacy and security laws and regulations that may be more stringent than those in the U.S.
Some state laws require pharmaceutical companies to comply with the April 2003 Office of Inspector General Compliance Program Guidance for Pharmaceutical Manufacturers and/or the Pharmaceutical Research and Manufacturers of America’s Code on Interactions with Healthcare Professionals, in addition to requiring pharmaceutical manufacturers to report information related to payments to physicians and other healthcare providers or marketing expenditures. Several states also impose other marketing restrictions or require pharmaceutical companies to make marketing or price disclosures to the state and require the registration of pharmaceutical sales representatives State and foreign laws, including for example the EU General Data Protection Regulation, which became effective May 2018, also govern the privacy and security of health information in some circumstances, many of which differ from each other in significant ways and often are not preempted by HIPAA, thus complicating compliance efforts. There are ambiguities as to what is required to comply with these state requirements and if we fail to comply with an applicable state law requirement, we could be subject to penalties.
We have and will continue to spend substantial time and money to ensure that our business arrangements with third parties comply with applicable healthcare laws and regulations. Recent healthcare reform legislation has strengthened these federal and state healthcare laws. Because of the breadth of these laws and the narrowness of the statutory exceptions and safe harbors available, it is possible that some of our business activities could be subject to challenge under one or more of such laws.
Other laws that may affect our ability to operate include:
- the anti-inducement law prohibits, among other things, the offering or giving of remuneration, which includes, without limitation, any transfer of items or services for free or for less than fair market value (with limited exceptions), to a Medicare or Medicaid beneficiary that the person know or should know is likely to influence the beneficiary’s selection of a particular supplier of items or services reimbursable by a federal or state governmental program; and
- European and other foreign law equivalents of each of the laws, including reporting requirements detailing interactions with and payments to healthcare providers.
In the U.S., to help patients afford our approved product, we may utilize programs to assist them, including patient assistance programs and co-pay coupon programs for eligible patients. Government enforcement agencies have shown increased interest in pharmaceutical companies’ product and patient assistance programs, including reimbursement support services, and a number of investigations into these programs have resulted in significant civil and criminal settlements. In addition, at least one insurer has directed its network pharmacies to no longer accept co-pay coupons for certain specialty drugs the insurer identified. Our co-pay coupon programs could become the target of similar insurer actions. In addition, in November 2013, the CMS issued guidance to the issuers of qualified health plans sold through the ACA’s marketplaces encouraging such plans to reject patient cost-sharing support from third parties and indicating that the CMS intends to monitor the provision of such support and may take regulatory action to limit it in the future. The CMS subsequently issued a rule requiring individual market qualified health plans to accept third-party premium and cost-sharing payments from certain government-related entities. In September 2014, the OIG of the HHS issued a Special Advisory Bulletin warning manufacturers that they may be subject to sanctions under the AKS and/or civil monetary penalty laws if they do not take appropriate steps to exclude Part D beneficiaries from using co-pay coupons. Accordingly, companies exclude these Part D beneficiaries from using co-pay coupons. It is possible that changes in insurer policies regarding co-pay coupons and/or the introduction and enactment of new legislation or regulatory action could restrict or otherwise negatively affect these patient support programs, which could result in fewer patients using affected products, and therefore could have a material adverse effect on our sales, business, and financial condition.
Third party patient assistance programs that receive financial support from companies have become the subject of enhanced government and regulatory scrutiny. The OIG has established guidelines that suggest that it is lawful for pharmaceutical manufacturers to make donations to charitable organizations who provide co-pay assistance to Medicare patients, provided that such organizations, among other things, are bona fide charities, are entirely independent of and not controlled by the manufacturer, provide aid to applicants on a first-come basis according to consistent financial criteria and do not link aid to use of a donor’s product. However, donations to patient assistance programs have received some negative publicity and have been the subject of multiple government enforcement actions, related to allegations regarding their use to promote branded pharmaceutical products over other less costly alternatives. Specifically, in recent years, there have been multiple settlements resulting out of government claims challenging the legality of their patient assistance programs under a variety of federal and state laws. It is possible that we may make grants to independent charitable foundations that help financially needy patients with their premium, co-pay, and co-insurance obligations. If we choose to do so, and if we or our vendors or donation recipients are deemed to fail to comply with relevant laws, regulations or evolving government guidance in the operation of these programs, we could be subject to damages, fines, penalties, or other criminal, civil, or administrative sanctions or enforcement actions. We cannot ensure that our compliance controls, policies, and procedures will be sufficient to protect against acts of our employees, business partners, or vendors that may violate the laws or regulations of the jurisdictions in which we operate. Regardless of whether we have complied with the law, a government investigation could impact our business practices, harm our reputation, divert the attention of management, increase our expenses, and reduce the availability of foundation support for our patients who need assistance.
On December 2, 2020, the HHS published a regulation removing safe harbor protection for price reductions from pharmaceutical manufacturers to plan sponsors under Part D, either directly or through pharmacy benefit managers (PBMs), unless the price reduction is required by law. The rule also creates a new safe harbor for price reductions reflected at the point-of-sale, as well as a safe harbor for certain fixed fee arrangements between PBMs and manufacturers. Implementation of this change and new safe harbors for point-of-sale reductions in price for prescription pharmaceutical products and PBM service fees has been delayed until January 1, 2032. Further, on December 31, 2020, CMS published a new rule, effective January 1, 2023, requiring manufacturers to ensure the full value of co-pay assistance is passed on to the patient or these dollars will count toward the AMP and Best Price calculation of the drug. On May 21, 2021, PhRMA sued the HHS in the U.S. District Court for the District of Columbia, to stop the implementation of the rule claiming that the rule contradicts federal law surrounding Medicaid rebates, and on May 17, 2022, the court vacated the rule.
Violations of these laws can subject us to criminal, civil and administrative sanctions including monetary penalties, damages, fines, disgorgement, individual imprisonment and exclusion from participation in government funded healthcare programs, such as Medicare and Medicaid, additional reporting requirements and oversight if we become subject to a corporate integrity agreement or similar agreement to resolve allegations of non-compliance with these laws, reputational harm, and we may be required to curtail or restructure our operations. Moreover, we expect that there will continue to be federal and state laws and regulations, proposed and implemented, that could impact our future operations and business.
Because of the breadth of these laws and the narrowness of the statutory exceptions and safe harbors available, it is possible that some of our business activities could be subject to challenge under one or more of such laws. Ensuring that our internal operations and future business arrangements with third parties comply with applicable healthcare laws and regulations will involve substantial costs. It is possible that governmental authorities will conclude that our business practices do not comply with current or future statutes, regulations, agency guidance or case law involving applicable fraud and abuse or other healthcare laws and regulations. If our operations are found to be in violation of any of the laws described above or any other governmental laws and regulations that may apply to us, we may be subject to significant penalties, including administrative, civil and criminal penalties, damages, fines, disgorgement, the exclusion from participation in federal and state healthcare programs, individual imprisonment, reputational harm, and the curtailment or restructuring of our operations, as well as additional reporting obligations and oversight if we become subject to a corporate integrity agreement or other agreement to resolve allegations of non-compliance with these laws. Further, defending against any such actions can be costly and time-consuming, and may require significant financial and personnel resources. Therefore, even if we are successful in defending against any such actions that may be brought against us, our business may be impaired. If any of the physicians or other providers or entities with whom we expect to do business are found to not be in compliance with applicable laws, they may be subject to criminal, civil or administrative sanctions, including exclusions from government funded healthcare programs and imprisonment. If any of the above occur, our ability to operate our business and our results of operations could be adversely affected.