The DOJ’s Focus on Clinical Trial Enforcement: An Ounce of Prevention Is Better Than an Enforcement Action Cure

April.26.2022

Introduction

In early April, the U.S. Department of Justice (DOJ) Civil Division’s Consumer Protection Branch (CPB) published its first-ever “Recent Highlights” report. The report provides background on the CPB, highlights from its recent work and discusses the CPB’s enforcement priorities.

The report leads with the CPB’s work on consumer health and safety matters, highlighting a subset of the CPB’s work relating to clinical trial fraud. Not only is clinical trial fraud, as noted in the report, an enforcement priority for the CPB, these cases are worth further attention because they frequently involve federal funds, raising the risk of an investigation, government enforcement action or private whistleblower suit under the False Claims Act (FCA). And clinical trials are closely tied to other federal enforcement priorities, including the DOJ’s interests in corporate misconduct, particularly for health care and medical device companies that may have received COVID-related funds, corresponding individual accountability, and the DOJ’s new FCA-based civil cyber-fraud initiative. Companies, academic institutions, research organizations and individuals involved in, or that rely on, clinical trials should be proactive about managing related risks, including updating policies and controls for issues such as cybersecurity and data privacy.

The CPB

The CPB has the authority to initiate civil and criminal actions, as well as represent various federal agencies in defensive litigation. The CPB report touts that between October 2020 and December 2021, they brought cases against over 200 individual defendants, secured 17 corporate guilty pleas, entered into five corporate deferred prosecution agreements and resolved 29 corporate civil matters. Across its matters in the past year, the CPB recovered over $6.38 billion dollars in resolutions and judgments.

Clinical Trial Fraud

While speaking about the CPB’s priorities, Deputy Assistant Attorney General Arun G. Rao, who oversees the CPB, highlighted clinical trial fraud as a key topic for future enforcement efforts. He referenced two recent clinical trial fraud cases, saying these CPB matters “represent only a sample of the CPB’s clinical trial fraud enforcement efforts, and we expect to bring further actions in the coming months.” He went on to explain how clinical trial fraud can harm the public’s trust in testing and the U.S. Food and Drug Administration (FDA) approval process, as perpetrators “are trafficking in misinformation, leading consumers to put faith in falsehoods instead of sound medical treatments that have been scientifically proven to be safe and effective.”

The CPB’s recent highlights report similarly emphasized that its allegations “often” include clinical trial fraud and provided details for two recent enforcement actions.

Unlimited Medical Research: Last year, several employees and the co-owner of a company known as Unlimited Medical Research LLC (UMR), pleaded guilty to conspiracy to commit wire fraud and obstruction of justice stemming from a fraudulent clinical trial. The defendants admitted entering into an agreement with a contract research organization (CRO) to conduct a study, but then inventing records of clinical trial participation. The clinical investigator and co-owner of UMR, a physician, had patients at her medical practice sign informed consent paperwork, but others then fabricated the follow-up contact and clinical trial data. A global pharmaceutical company that sponsored this study, including developing the protocol for the clinical trial, raised concerns after the CRO flagged irregularities in UMR’s data. The clinical investigator and her two study coordinators pleaded guilty and were sentenced to prison. A co-owner of UMR was separately charged for obstructing an FDA inspection and investigation into these issues and is scheduled for sentencing later this month. The company sponsoring the trial was not charged.
Tellus Clinical Research: In June 2021, a sub-investigator and an assistant study coordinator at Tellus Clinical Research each pleaded guilty to participating in a conspiracy in connection with falsifying clinical trial data. In October 2021, the project manager pleaded guilty to conspiracy to commit mail and wire fraud. They, along with others at Tellus including the CEO, made it seem as if subjects were participating in clinical trials when, in fact, they were not. This included enrolling ineligible friends, family members and others who did not suffer from the relevant medical conditions including using personal identification documents. They went as far as to draw blood from other Tellus employees and submit it as study samples and create other false records of the purported subjects’ experience. To date, three defendants pleaded guilty to charges including conspiracy to commit mail and wire fraud and conspiracy to defraud the United States. They were sentenced to prison and ordered to pay over $2 million in restitution, while three remaining defendants, including Tellus’ CEO, await trial. Again, the sponsor was not charged.

What This Enforcement Priority Means for Companies Involved in Clinical Trials

While these “highlight” cases focused on individuals who engaged in egregious misconduct (not on the study sponsors or CROs), they serve as a warning to everyone involved in clinical trials.

Companies involved in clinical trials should:

Ensure they are following all relevant requirements, including data handing protocols related to blinded studies, monitor risks consistent with their obligations and flag concerns about the data, where appropriate.

Given the prevalence of federal funding in medical research, companies engaged in such work may make submissions to the government and/or claims for reimbursement. Any misrepresentation in that process may constitute a “false” claim and result in FCA liability. As a civil statute, the FCA requires a more limited showing of intent, meaning the government may pursue cases where the falsehood resulted from “deliberate ignorance” or “reckless disregard.” Thus, a party not involved in the underlying misconduct could potentially be liable under the FCA for ignoring red flags relating to the trials or data.^[i] It is not beyond the possibility that sponsors, CROs or others affiliated with the tainted clinical trials—like those in the two CPB-highlight cases—could find themselves facing FCA investigations where if they were aware of issues and then failed to investigate or report. Companies that engage in clinical trial work at any level, even as sponsor relying on others, should take care to fully understand their obligations in connection with any government funding and be vigilant when issues arise.

Have strong data governance. As evidenced by the two CPB-highlight cases, clinical trials also raise distinct cyber and data privacy risks.

The UMR and Tellus defendants could have also faced consequences for potentially violating HIPAA, committing identity theft, and failing to follow protocols and requirements relating to data privacy. The latter itself raises the possibility of an FCA action under the DOJ’s civil cyber-fraud initiative. As Orrick previously covered, the DOJ recently resolved an FCA case with a settlement focused on federal contractors’ failure to follow cybersecurity standards. As many clinical trials involve government funds and given the wealth of regulated patient and other data involved, these matters raise numerous data-based risks. As just one example, recipients of research funds from the National Institutes of Health (NIH) are generally required to take steps such as encrypting sensitive data, limiting access to personally identifiable information (PII), transmitting data only when the security of the recipient is known, and protecting information from inadvertent loss, release or disclosure. In both the UMR and Tellus cases, the broad misuse of PII and other misconduct may have violated any such applicable requirements.

As clinical trial fraud enforcement efforts increase, health care and life sciences companies who participate in clinical trials should be careful about their obligations and consider how they can strengthen related policies and processes — particularly concerning data privacy and cyber-fraud risks.

Orrick can assist health care and life sciences companies in reviewing their internal controls, vetting potential partners, managing data privacy and cyber fraud risks, and investigating any incidents that may arise.

^[i] Congress indicated when amending the FCA in 1987 that it intended to reach “persons who ignore ‘red flags’ that the information [relevant to the claim] may not be accurate.” See H.R. Rep. No. 99-660, pt. 5, at 20–21 (1986). Some courts have discussed a duty to inquire in certain circumstances. See, e.g., United States ex rel. Williams v. Renal Care Grp., Inc., 696 F.3d 518, 530 (6th Cir. 2012)

Authors

Thora Johnson Partner, Life Sciences & HealthTech, Cyber, Privacy & Data Innovation

Washington, D.C.

See my bio

Practice:

Technology & Innovation Sector
Life Sciences & HealthTech
Cyber, Privacy & Data Innovation
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Thora Johnson Partner

Washington, D.C.

Thora works with medical device, pharmaceutical, biotech and digital health companies, helping them navigate the increasingly complex patchwork of state and federal health privacy laws. One client described her to the Legal 500 as a “very practical” advisor providing “exceptional guidance” on health information privacy and HIPAA compliance matters.

Her breadth and depth of experience enable Thora to assist clients in harnessing the power of artificial intelligence and executing data-sharing arrangements, all while protecting health data. As a result, Thora spends much of her time counseling pioneering startups and high-growth companies on responsible innovation in healthcare and life sciences.

Thora brings extensive experience counseling clients, including Fortune 500 companies and brick and mortar providers, on the Health Insurance Portability and Accountability Act (HIPAA) and other state and federal health privacy and regulatory compliance regimes including:

Office of the National Coordinator for Health Information Technology’s interoperability and information blocking regulations
Centers for Medicare & Medicaid Service’s (CMS’s) interoperability and patient access regulations
Part 2 confidentiality requirements applicable to substance abuse records
State health information privacy laws
State consumer privacy laws with special controls for health data
Medicare/Medicaid compliance
Mental Health Parity and Addiction Equity Act (MHPAEA)
Genetic Information Nondiscrimination Act (GINA)
Affordable Care Act (ACA) compliance
Regulatory requirements of the Employer Retirement Income Security Act (ERISA), the Internal Revenue Code, HIPAA, and the ACA as they apply to employer health and wellness plans

Thora routinely helps companies and large employers prepare for and respond to privacy and security incidents involving health information. She also defends clients in government investigations initiated by the OCR, OIG, DOJ, FTC and State AGs, among others.

Gargi Talukder Partner, Intellectual Property, Life Sciences & HealthTech

San Francisco

See my bio

D:+1 415 773 5625
E: [email protected]

Practice:

Intellectual Property
Life Sciences & HealthTech
Patents

vCard

See full bio

Gargi Talukder Partner

San Francisco

Gargi’s work in protein therapeutics includes patent estate development for antibody and fusion protein therapeutics and utilizes her knowledge of the patent landscape in this area to inform strategic portfolio management. In the fields of genomics and proteomics, she has conducted diligence and developed portfolios related to the biochemistry of sequencing technologies, as well as to the associated devices and machine learning methods utilized in sequencing methods. In the field of cancer immunotherapies (immuno-oncology), she has developed portfolios related to cell-based immunotherapy approaches, including targeted immune cell therapies and immunological pathway interventions.

In addition, Gargi assists clients in providing intellectual property support for transactional matters, including diligence for mergers and acquisitions as well as financing rounds. Her technical experience is routinely called upon in helping to develop litigation strategies for complex and high-stakes trials.

Gargi has authored scientific papers in peer-reviewed publications, as well as articles discussing medical and biological research in general-interest newspapers and periodicals. Her doctoral work in Neuroscience from Stanford University focused on structure-function studies in ion channels, with an emphasis on using genetic engineering and electrophysiology to identify structural elements of potassium channels that lead to their voltage and chemical sensitivity.

David Rhinesmith Partner, Government Investigations and Enforcement Actions, False Claims Act

Washington, D.C.

See my bio

Practice:

Government Investigations and Enforcement Actions
False Claims Act
Life Sciences & HealthTech
White Collar, Investigations, Securities Litigation & Compliance
FCPA & Anti–Corruption
Litigation for the Life Sciences & HealthTech Sector
Whistleblower & Corporate Investigations
FDA & Healthcare Regulatory
Global Investigations
Artificial Intelligence (AI)
Ethics & Compliance
Strategic Advisory & Government Enforcement (SAGE)
Corporate Governance
White Collar Criminal Defense

vCard

See full bio

David Rhinesmith Partner

Washington, D.C.

David has represented clients in matters involving state and federal false claims acts, the Anti-Kickback Statute, federal securities laws, the Foreign Corrupt Practices Act (FCPA), anti-money laundering laws, and the Food, Drug, & Cosmetic Act. He has played a lead role in high-stakes federal investigations, complex civil cases, and criminal matters. His litigation experience includes oral argument before the First Circuit, briefing in federal and state courts, and deposing senior government officials. And he draws on this experience to advise clients on potential enforcement risks and regulatory issues.

David previously served as Global Investigations & Compliance Counsel (on secondment) at one of the world's leading medical device companies, immediately following one of the industry's largest mergers. In this role he led multiple internal investigations and helped the company develop a new investigations and corporate compliance function.

David previously worked as an Assistant Attorney General in the Appeals Division of the Massachusetts Attorney General’s Office, serving as lead counsel in more than a dozen criminal and civil matters at all levels of federal and state court. David was also an associate in the Chicago and Washington, D.C. offices of another international law firm.

In 2017, 2018, 2019, and 2020 David was selected to the Washington, D.C. Super Lawyers Rising Stars list.