In early April, the U.S. Department of Justice (DOJ) Civil Division’s Consumer Protection Branch (CPB) published its first-ever “Recent Highlights” report. The report provides background on the CPB, highlights from its recent work and discusses the CPB’s enforcement priorities.
The report leads with the CPB’s work on consumer health and safety matters, highlighting a subset of the CPB’s work relating to clinical trial fraud. Not only is clinical trial fraud, as noted in the report, an enforcement priority for the CPB, these cases are worth further attention because they frequently involve federal funds, raising the risk of an investigation, government enforcement action or private whistleblower suit under the False Claims Act (FCA). And clinical trials are closely tied to other federal enforcement priorities, including the DOJ’s interests in corporate misconduct, particularly for health care and medical device companies that may have received COVID-related funds, corresponding individual accountability, and the DOJ’s new FCA-based civil cyber-fraud initiative. Companies, academic institutions, research organizations and individuals involved in, or that rely on, clinical trials should be proactive about managing related risks, including updating policies and controls for issues such as cybersecurity and data privacy.
The CPB has the authority to initiate civil and criminal actions, as well as represent various federal agencies in defensive litigation. The CPB report touts that between October 2020 and December 2021, they brought cases against over 200 individual defendants, secured 17 corporate guilty pleas, entered into five corporate deferred prosecution agreements and resolved 29 corporate civil matters. Across its matters in the past year, the CPB recovered over $6.38 billion dollars in resolutions and judgments.
While speaking about the CPB’s priorities, Deputy Assistant Attorney General Arun G. Rao, who oversees the CPB, highlighted clinical trial fraud as a key topic for future enforcement efforts. He referenced two recent clinical trial fraud cases, saying these CPB matters “represent only a sample of the CPB’s clinical trial fraud enforcement efforts, and we expect to bring further actions in the coming months.” He went on to explain how clinical trial fraud can harm the public’s trust in testing and the U.S. Food and Drug Administration (FDA) approval process, as perpetrators “are trafficking in misinformation, leading consumers to put faith in falsehoods instead of sound medical treatments that have been scientifically proven to be safe and effective.”
The CPB’s recent highlights report similarly emphasized that its allegations “often” include clinical trial fraud and provided details for two recent enforcement actions.
While these “highlight” cases focused on individuals who engaged in egregious misconduct (not on the study sponsors or CROs), they serve as a warning to everyone involved in clinical trials.
Companies involved in clinical trials should:
Given the prevalence of federal funding in medical research, companies engaged in such work may make submissions to the government and/or claims for reimbursement. Any misrepresentation in that process may constitute a “false” claim and result in FCA liability. As a civil statute, the FCA requires a more limited showing of intent, meaning the government may pursue cases where the falsehood resulted from “deliberate ignorance” or “reckless disregard.” Thus, a party not involved in the underlying misconduct could potentially be liable under the FCA for ignoring red flags relating to the trials or data.[i] It is not beyond the possibility that sponsors, CROs or others affiliated with the tainted clinical trials—like those in the two CPB-highlight cases—could find themselves facing FCA investigations where if they were aware of issues and then failed to investigate or report. Companies that engage in clinical trial work at any level, even as sponsor relying on others, should take care to fully understand their obligations in connection with any government funding and be vigilant when issues arise.
The UMR and Tellus defendants could have also faced consequences for potentially violating HIPAA, committing identity theft, and failing to follow protocols and requirements relating to data privacy. The latter itself raises the possibility of an FCA action under the DOJ’s civil cyber-fraud initiative. As Orrick previously covered, the DOJ recently resolved an FCA case with a settlement focused on federal contractors’ failure to follow cybersecurity standards. As many clinical trials involve government funds and given the wealth of regulated patient and other data involved, these matters raise numerous data-based risks. As just one example, recipients of research funds from the National Institutes of Health (NIH) are generally required to take steps such as encrypting sensitive data, limiting access to personally identifiable information (PII), transmitting data only when the security of the recipient is known, and protecting information from inadvertent loss, release or disclosure. In both the UMR and Tellus cases, the broad misuse of PII and other misconduct may have violated any such applicable requirements.
As clinical trial fraud enforcement efforts increase, health care and life sciences companies who participate in clinical trials should be careful about their obligations and consider how they can strengthen related policies and processes — particularly concerning data privacy and cyber-fraud risks.
Orrick can assist health care and life sciences companies in reviewing their internal controls, vetting potential partners, managing data privacy and cyber fraud risks, and investigating any incidents that may arise.
[i] Congress indicated when amending the FCA in 1987 that it intended to reach “persons who ignore ‘red flags’ that the information [relevant to the claim] may not be accurate.” See H.R. Rep. No. 99-660, pt. 5, at 20–21 (1986). Some courts have discussed a duty to inquire in certain circumstances. See, e.g., United States ex rel. Williams v. Renal Care Grp., Inc., 696 F.3d 518, 530 (6th Cir. 2012)