On Wednesday the Supreme Court heard arguments in Mississippi v. AU Optronics, a case illustrating just one example of CAFA gamesmanship being employed nationwide. The issue before the court may at first blush seem narrow in scope — whether a defendant sued by a State Attorney General for restitution or damages incurred by injured consumers can remove the suit to federal court — but the implications could have significant ramifications for companies facing multi-jurisdictional actions nationwide. But what companies should also take note of is the wide-reaching gamesmanship that plaintiffs, be it state AGs or the Plaintiffs bar, are attempting under CAFA and the unwillingness of the courts — at least so far — to call a timeout. Continue reading
Articles By Meghan A. McCaffrey
Yesterday’s Washington Post article on pharma company payments to attend DC area meetings of an FDA advisory panel is getting increased attention that companies should monitor. The article discusses hundreds of emails obtained through a public records request that outline years of payments by companies to attend closed summit meetings to discuss clinical trial designs for testing the safety and efficacy of new painkillers. The FDA has been severely criticized for failing to prevent the abuse of oxycontin, and patient advocacy groups and the plaintiffs lawyer who obtained the public records are now saying that “these e-mails help explain the disastrous decisions the FDA’s analgesic division has made over the last 10 years [.] Instead of protecting the public health, the FDA has been allowing the drug companies to pay for a seat at a small table where all the rules were written.” Add in allegations in the documents that this was becoming a “pay to play process,” and the reported $25,000 price tag for attendance, and its not hard to see why these allegations are garnering attention. Continue reading
With 3D printers, what used to exist only in the realm of science fiction — who doesn’t remember the Star Trek food replicator that could materialize a drink or meal with the mere press of a button — is now becoming more widely available with food on demand, prosthetic devices, tracheal splints, skull implants, and even liver tissue all having recently been printed, used, implanted or consumed. 3D printing, while exciting, also presents a unique hybrid of technology and biology, making it a potentially unique and difficult area to regulate and oversee. With all of the recent technological advances surround 3D printer technology, the FDA recently announced in a blog post that it too was going 3D, using it to “expand our research efforts and expand our capabilities to review innovative medical products.” In addition, the agency will be investigating how 3D printing technology impacts medical devices and manufacturing processes. This will, in turn, raise the additional question of how such technology — one of the goals of which, at least in the medical world, is to create unique and custom printed devices, tissue and other living organs for use in medical procedures — can be properly evaluated, regulated and monitored.
In case you missed it, the 2007 Food and Drug Administration Amendments Act (“FDAAA”) requires that the FDA publish quarterly reports that list “potential signals of serious risks/new safety information” of FDA approved medications. Although the FDA’s processes and procedures for evaluating risks sufficient enough to warrant publication in these reports is unclear, drug companies with FDA approved drugs on the market should know about these requirements. For example, just last week the FDA announced that Tylenol and other acetaminophen-containing pain killers can cause potentially deadly skin rashes and blisters, resulting in a label change carrying warnings of the risk of rash when taking acetaminophen products. The FDA made the decision, it reported, based on a review of its own Adverse Event Reporting System (FAERS) as well as medical literature, which showed 107 reports between the years 1969 to 2012. For a drug taken by “millions who, over generations, have benefitted from acetaminophen,” this breaks down to less than .01% of the population taking the drug having experienced a skin-related adverse event over the last approximately 50 years. So how was it that the FDA determined the risk was severe enough now — in 2013 — to warrant a label change and warning? Continue reading
Could your pacemaker or your doctor’s mobile tablet pose a risk of cyberattack to patients? The FDA is concerned it may. In yesterday’s annoucment, the FDA urged medical-device manufacturers and hospital networks to boost safeguards against potential cybersecurity threats from computer hackers and malware. The Agency, working with the Department of Homeland Security, issued draft cybersecurity guidance for medical device premarket submissions today, noting that “manufacturers should develop a set of security controls to assure medical device cybersecurity to maintain information confidentiality, integrity, and availability.
The FDA’s announcement followed Homeland Security’s disclosure of vulnerability in a wide range of medical devices, after security analysts were able to hack into over 300 medical devices and equipment, including surgical and anesthesia devices, patient monitors and lab analysis tools, the Washington Post reported. As the Agency warned, “many medical devices contain configurable embedded computer systems that can be vulnerable to cybersecurity breaches. In addition, as medical devices are increasingly interconnected, via the internet, hospital networks, other medical device, and smartphones, there is an increased risk of cybersecurity breaches, which could affect how a medical device operates.” Although the FDA stated it was not aware of any injuries or deaths from compromised devices or computer devices, it’s clear that the number of reported incidents has increased. The Washington Post reports that one of the FDA’s chief scientists noted that “the type and breadth of incidents has increased” and where the FDA only heard of problems once or twice a year, they’re now “hearing about them weekly or monthly.”
So what are the legal implications of the FDA’s new announcement? For any premarket submission, manufacturers should now plan on providing documentation of their cybersecurity features, including:
- Hazard analysis, mitigations, and design considerations pertaining to intentional and unintentional cybersecurity risks associted with their device;
- A traceability matrix that links your actual cybersecurity controls to the cybersecurity risks that were considered;
- A systemic plan for providing validated updates and patches to operating systems or medical device software as needed for the product life-cycle;
- Documentation that the device will be provided free of malware; and
- Instructions for use and product recommendations for anti-virus software and/or firewall use appropriate for the environment of use.
Moreover, medical device makers and hospital networks should be cognizant of the potential liability exposure for failing to adequately protect for cybersecurity threats and/or failing to update and monitor potential threats throughout the product life-cycle. Of course, in the product liability and torts context, the question to consider is what is reasonably foreseeable and how far does a manufacturer’s responsibility extend when it comes to the new world of cybersecurity threats? Given how quickly technology changes — especially malware and computer viruses — the ability to address these threats throughout the product life -cycle could become increasingly difficult, translating into potentially significant risk and liability exposure for manufacturers and other impacted parties. We here at the product liability monitor will continue to monitor these developments.