Global Med Device Investigation Highlights Importance of Managing Risk Alongside Innovation
The health and life sciences ecosystems are converging to become consumer-centric thanks in large part to the infiltration of technology. Take the Open Artificial Pancreas System project (OpenAPS) as an example. After a large network of consumers around the world grew tired of waiting on developers to get an artificial pancreas approved through traditional regulatory routes, OpenAPS
decided to take matters into its own hands and create a guide for building one themselves using technology.
In response to changing demands of tech-empowered consumers, industry regulators have in recent years taken the much-needed action of updating approval frameworks in the name of patient care innovation.
But as the International Consortium of Investigative Journalists (ICIJ)’s recently published ‘Implant Files’ series on the medical device industry reveals, balancing much-needed care innovation with risk management is crucial to patient safety.
of the series include:
- Products with little to no human testing have been allowed on the market around the world and have caused harm to consumers.
- Some devices pulled off the market because of safety concerns in certain countries have remained for sale in others.
- In reports to U.S. regulators over the last 10 years, manufacturers, doctors and others said medical devices were potentially linked to nearly 2 million injuries and more than 80,000 deaths.
The investigation highlights the need for greater clinical due diligence and better information-sharing between providers and patients, as well as among regulatory bodies across borders.
The heightened focus on value-based outcomes versus fee-for-service and growing cybersecurity concerns, meanwhile, add other dimensions: increased risk around the False Claims Act (FCA) and cybersecurity, as we’ve written in previous blogs:
- In a unanimous decision, the Supreme Court on June 16 upheld the “implied false certification” theory of liability under the FCA, potentially opening up healthcare providers to new compliance risk—and providing openings for whistleblowers. The theory treats a Medicaid payment request as an “implied certification of compliance” with pertinent statutes, regulations or contract requirements “material” to conditions of payment, the Court explained in its opinion. Significantly, the Court defined material broadly, as “having a natural tendency to influence, or be capable of influencing, the payment or receipt of money or property.”
- The ruling settled the case of Universal Health Services, Inc. (UHS) v. United States ex rel. Escobar. At the center of the case, a UHS subsidiary, Arbour Health Services, provided mental health services to the Escobars’ daughter, a teenager who died after suffering a seizure in reaction to medication Arbour prescribed. Under the FCA, the Escobars filed a whistleblower suit, known as qui tam, against Arbour, alleging that it had defrauded the government by a lie of omission: failing to disclose that few of their employees were even licensed to provide mental health counseling, to prescribe medications or to offer counseling without supervision.
- Arbour’s non-compliance with state credential requirements, the Court explained, was “so central to the provision of mental health counseling that the Medicaid program would have refused to pay these claims had it known of these violations.”
While Arbour indeed provided the health services it submitted a claim for—in this case, mental health treatment—the ruling determined that it defrauded the government by knowingly misrepresenting the quality
of that care.
The Court’s FCA decision has outsized implications for compliance in healthcare, an industry with considerable risk and in many cases, systemically inefficient.
- First, as reimbursement methods are overhauled to tie more payments to quality of care, income for providers will depend on value-based outcomes that they’ll have to validate. Providers will have to demonstrate, explicitly or implicitly, evidence that their treatment is compliant with clinical protocols—a difficult feat in an industry in the midst of re-defining standards of care, often across multiple collaborating providers. Providers will be held accountable for their partners’ protocols and standards of care, too. This shift to quality over quantity of care, whereby providers can now be held liable for non-compliance with regulations inexplicit in terms of payment, exposes them to significant penalties under the FCA.
- Second, while the Court defined material in multiple ways, it still left much room for interpretation. Courts will have to decide whose definition of material is correct: the defendant’s or the plaintiff’s. Depending on individual outcomes, the decision could prove costly for providers.
- Finally, the Court’s ruling made the definition of a false claim much wider. Providers will likely see an increase in fraud investigations, and an expansion of the scope of allowable discovery in FCA cases beyond misrepresentations of expressly labeled conditions of payment. To argue for or against materiality will require a deeper look at past precedent and may include any evidence of deficiencies in regulatory guidance or standards of practice that would have impacted the government’s decision to pay the claim. The heavier discovery burden will force stragglers to get on board with advanced technologies, such as data analytics and visualization or technology assisted review, to gather and comprehend the entire universe of relevant evidence efficiently and effectively.
- On Dec. 13, President Obama signed the 21st Century Cures Act (the Cures Act) into law, boosting healthcare research dollars, streamlining the Food and Drug Administration (FDA)’s drug and medical device approvals processes, and advancing mental health and addiction treatments.
- The Cures Act included $500 million in funding to the FDA to:
- modernize clinical trials and the ways safety and efficacy data is analyzed
- streamline regulations so the process for securing approvals on medical devices, technologies, vaccines and regenerative medicine therapies is more efficient and
- provide the FDA with greater flexibility in reviewing and approving medical devices if they provide first-of-a-kind technologies.
- It also allocated resources aimed at improving the interoperability of electronic health records (EHR) systems and improving providers’ education on the latest medical technologies.
The law underlined the government’s focus on expediting the development of cures for serious diseases that are not only devastating to patients, but also add up to a significant share of the total cost of healthcare nationally.
It also continues to warrant special attention where compliance is concerned, and providers should closely monitor and address certain components
more than others. In the context of patient care innovation, these include:
- Expedited FDA approvals: While Cures opened new (and quicker) avenues to secure drug and medical device approvals—and knocked down the regulatory obstacle to quicker medical innovation—it also left greater risk for product discrepancies to slip through the cracks.
- Cybersecurity: With new types of risk to medical devices stemming from cybersecurity and greater regulatory scrutiny under the False Claims Act, providers should put internal controls in place to adequately assess the quality of drugs and devices before prescribing them to patients. Because the law requires the FDA to consider real-world evidence in making approval decisions, providers should incorporate this data into their internal controls and choose their partners accordingly. The new law promotes innovation in the medical device area, and thus, the industry will see a significant increase in new vendors. While organizations should continue to pursue partnerships with vendors who can provide innovative ways to enhance patient treatment and satisfaction, they should do so with a healthy dose of cautious optimism. With a proliferation of new opportunities to expedite innovation, not all vendors will have appropriate policies, procedures and internal controls in place to ensure compliance with the CMS and state regulations, and, most importantly, patient safety.
Today’s BDO Pulse Check
In this environment of technology infiltration and faster innovation, health organizations—private and public alike—share the responsibilities of improving the quality of outcomes, bringing down care costs and collaborating within and beyond their traditional supply chains.
But they must not forget the importance of managing risk, and protecting patient safety, in the process.
With no warning system to communicate health alerts and recalls to patients and health providers across national borders, due diligence is a critical step when partnering with vendors to identify new innovative techniques and devices to pursue.
Looking into approval processes for new products, quality control management and process for securing FDA approvals are key. They must also take a closer look at their internal compliance controls, paying close attention to potential FCA and cybersecurity scrutiny. Typical examples of false claims include improper billings, paying physicians for referrals or kickbacks, ghost patients, up-coding of services and services not rendered but billed. But the expanse of the FCA has been considerable since its inception.
Under the cybersecurity lens, if an organization bills for services rendered but the quality of those services is non-compliant with security requirements—or if it is aware of a potential vulnerability but fails to disclose it—the organization might be deemed non-compliant with the FCA. For an FDA-regulated medical device manufacturer, consequences could also include a costly device recall and having to resubmit the device for FDA approval.
When it comes down to it, the consumer is the epicenter of all concern. Medical devices alone were linked to almost 83,000 deaths and 1.7 million injuries in the last 10 years, the ICIJ found. The ultimate cost of non-compliance—and the goal of improving innovation while still maintaining the proper level of risk management—is patient safety.
Learn more about how to manage compliance and regulatory risk while keeping up with innovation.
Don’t miss the latest BDO News and insights – subscribe here.