January 16, 2018 Kate Klaus, Esq. Courtney Young, Esq. Ripped from the Headlines: Medmarc’s Risk Management Team Discusses Lessons Learned from Life Sciences in the News and What to Watch for in 2019
Agenda • Opioid Update • Digital Health Pre-Certification Program • Medical Device Cybersecurity • OTC Monograph Reform • Lightning Round
Status • Opioid “epidemic” has been at center of national attention for several years, and 2018 saw an increase in lawsuits against opioid manufacturers and distributors • Suits coming from state and county governments alleging that these companies are liable for the cost to the public of treating opioid victims • Allegations include knowingly misleading public and physicians about addiction risks • Georgia became latest government to file suit, filing on Jan. 3
What does this mean for life sciences companies? • Litigation • Ancillary products may become a target • Pain pumps, drug delivery systems • Insurance coverage • Coverage for businesses with opioid exposure is going to be more difficult to obtain, exclusions being added to policies • Suits by government entities • These types of suits may be a new trend, not unique to opioids
Digital Health Pre-Certification Program
Pre-Cert: What is it? • 21st Century Cures Act • Digital Health Innovation Action Plan • Software Pre-Certification Program • Streamlines the regulatory oversight of software-based medical devices • Focus initial evaluation on the developer
Pre-Cert: Who is it for? • Manufacturers with a robust culture of quality and organizational excellence • Commitment to monitoring real-world performance of their products in the U.S. market - Will Durant, frequently misattributed to Aristotle
Pre-Cert: How does it work? • Key components: • Excellence Appraisal • Review Determination • Streamlined Review • Real-World Performance
Pre-Cert: When will it launch? • Pilot program in progress • More than 100 companies applied to participate, but only nine selected • Transparent development process • Link for submitting comments on FDA website • Interactive user sessions with pilot participants open to the public via webinar
Status • Medical device cybersecurity has been and continues to be a focus of FDA, the industry, and the plaintiff’s bar • FDA released new guidance on October 18, 2018 • The U.S. Department of Health and Human Services released “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” on December 28, 2018
FDA’s New Guidance • New Guidance released October 18, 2018 • “Today’s draft premarket cybersecurity guidance provides updated recommendations for device manufacturers on how they can better protect their products against different types of cybersecurity risks, from ransomware to a catastrophic attack on a health system. We’ve been implementing this guidance since it was finalized in 2014. Now, because of the rapidly evolving nature of cyber threats, we’re updating our guidance to make sure it reflects the current threat landscape so that manufacturers can be in the best position to proactively address cybersecurity concerns when they are designing and developing their devices. This is part of the total product lifecycle approach to device safety, in which manufacturers must adequately address device cybersecurity from the design phase through the device’s time on the market to help ensure patients are protected from cybersecurity threats.” – FDA Commissioner Scott Gottlieb
Guidance: Content of Premarket Submissions for Management of Cybersecurity • Last cybersecurity guidance finalized in October of 2014 • Recommends that premarket submissions include a “cybersecurity bill of materials” detailing the software and hardware components that are vulnerable to cyberattacks • Device makers must include documentation demonstrating how they have mitigated cybersecurity risks • Provides design recommendations based on NIST’s “Framework for Improving Critical Infrastructure Cybersecurity”
Guidance: Content of Premarket Submissions for Management of Cybersecurity, cont’d • According to the FDA, the security risk management report for a trustworthy device would include: • A system-level threat model • A specific list of all cybersecurity risks that were considered in the device’s design • A list and justification of all cybersecurity controls established in the device, including risk mitigations • A description of the testing done to ensure the adequacy of cybersecurity risk controls (including performance testing, vulnerability scanning, penetration testing, etc.) • A traceability matrix linking cybersecurity controls to the risks outlined in a security risk and hazard analysis • A software bill of materials that is cross-referenced with the National Vulnerability Database or a similar known database, including criteria for addressing known vulnerabilities or a rationale for not addressing known vulnerabilities.
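An added example, not part of the presentation or the FDA guidance: a Python gap check over the traceability matrix and cross-referenced software bill of materials listed above. All risk, control, test, component and vulnerability identifiers are constructed placeholders, and KNOWN_VULNS stands in for a lookup against the National Vulnerability Database or a similar source.

```python
# Constructed risk register, control list, SBOM and vulnerability data (illustrative only).
RISKS = {"R1": "Unauthorized firmware update", "R2": "Unencrypted telemetry",
         "R3": "Default service credentials"}
CONTROLS = {"C1": {"desc": "Signed firmware images", "mitigates": ["R1"], "tests": ["T-014"]},
            "C2": {"desc": "TLS for telemetry", "mitigates": ["R2"], "tests": []},
            "C3": {"desc": "Audit logging", "mitigates": ["R9"], "tests": ["T-020"]}}
SBOM = [{"name": "examplelib", "version": "1.2.0"},
        {"name": "samplertos", "version": "4.1"},
        {"name": "demoparser", "version": "0.9.3"}]
# Assumption: stand-in for a vulnerability database query, keyed by (name, version).
KNOWN_VULNS = {("examplelib", "1.2.0"): ["VULN-PLACEHOLDER-0001"],
               ("demoparser", "0.9.3"): ["VULN-PLACEHOLDER-0002", "VULN-PLACEHOLDER-0003"]}
# Recorded decision per vulnerability: a remediation, or acceptance with a rationale.
DISPOSITIONS = {"VULN-PLACEHOLDER-0001": {"action": "patch", "note": "upgrade before release"},
                "VULN-PLACEHOLDER-0002": {"action": "accept", "note": ""}}

def traceability_gaps(risks, controls):
    """Find holes in the control-to-risk traceability matrix."""
    covered = {r for c in controls.values() for r in c["mitigates"]}
    return {
        # Risks considered in design that no control claims to mitigate.
        "risks_without_control": sorted(set(risks) - covered),
        # Controls that trace to a risk ID missing from the risk analysis.
        "controls_citing_unknown_risk": sorted(
            cid for cid, c in controls.items() if set(c["mitigates"]) - set(risks)),
        # Controls with no test evidence of adequacy.
        "controls_without_test": sorted(
            cid for cid, c in controls.items() if not c["tests"]),
    }

def sbom_gaps(sbom, known_vulns, dispositions):
    """List (component, vuln_id, problem) for known vulnerabilities with no usable disposition."""
    gaps = []
    for comp in sbom:
        for vid in known_vulns.get((comp["name"], comp["version"]), []):
            d = dispositions.get(vid)
            if d is None:
                gaps.append((comp["name"], vid, "no disposition recorded"))
            elif d["action"] == "accept" and not d["note"].strip():
                gaps.append((comp["name"], vid, "accepted without rationale"))
    return gaps

if __name__ == "__main__":
    for kind, ids in traceability_gaps(RISKS, CONTROLS).items():
        print(kind, ids)
    for gap in sbom_gaps(SBOM, KNOWN_VULNS, DISPOSITIONS):
        print(gap)
```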
DHS and FDA MOA • In October, the FDA and the National Protection and Programs Directorate (NPPD) of DHS entered into an agreement that formalizes a long-standing relationship between the agencies and implements a new framework for increased collaboration, information-sharing, and coordination to address cybersecurity in medical devices. • Key Provisions: • NPPD can assist FDA as an independent third party in the evaluation and assessment of the impact of medical device vulnerabilities • NPPD will coordinate with FDA on the content of alerts and advisories related to medical device cybersecurity and these will be published by DHS • Takeaway: • FDA stepping up its enforcement actions related to cybersecurity
What does this mean for life sciences companies? • New information should be submitted with 510(k) submissions • Keep an eye on emerging and developing industry standards • These standards can form the basis of plaintiffs’ negligence cases in the event of a data breach, bodily injury, or property damage arising out of a cyber vulnerability
The Intersection of Cybersecurity & Products Liability • Warning Defect: Your product does not effectively warn against hazards of which you knew or should have known. You failed to warn me that a cyber vulnerability could result in bodily injury/property damage. • Manufacturing Defect: Something went wrong in the manufacturing process, which rendered the device less safe. You failed to implement the appropriate security patch. • Design Defect: There is a reasonably safer alternative design that you failed to use. You failed to effectively design the product to protect against cyber vulnerabilities and/or be interoperable without risk to other systems, networks, or components.
HHS’ New Health Industry Cybersecurity Practices • The document identified 5 threats for healthcare providers: • E-mail phishing attacks • Ransomware attacks • Loss or theft of equipment or data • Insider, accidental or intentional data loss • Attacks against connected medical devices that may affect patient safety • Released at the end of last year, HHS’ document is a “call to action” for the healthcare industry, with the goal of moving beyond the historical focus on privacy and security and putting new emphasis on patient safety
Bringing OTCs to Market • NDA: Private submission to FDA by drug sponsor. Either a new active moiety, dosage form, use, etc., or a prescription to OTC switch • Monograph: Public rulemaking process. Three-phase process: (1) Advisory panel review; (2) FDA publishes Tentative Final Monograph (TFM) in the Federal Register for public comment; (3) Final Monograph published
OTC Monograph System • Set of conditions that are self-limiting and self-diagnosable • Identifies permitted actives and concentrations • Sets out required label statements • No pre-approval required – if it complies with the monograph, it can be sold
OTC Monograph System • Required label format • Nearly every aspect dictated by regulations – fonts, font size, bolding, line widths, bullet use
Monograph System Relic • Introduced in 1972 and never completed • Rulemaking moves at a glacial pace, hindering FDA’s responsiveness to safety issues • Significant barrier to innovation, as monographs are limited in large part to actives available in 1972
Over-the-Counter Monograph Safety, Innovation, and Reform Act • User fees • Improved staffing and dedicated funding for OTC work • Streamlined regulatory pathway • Review of innovations • Quick response to emerging issues • Exclusivity for innovators • IT infrastructure
Reform Status • Passed the House in the 115th Congress, but was not taken up by the Senate before the session ended • Passed again by the House (116th) on January 8th, with broad bipartisan support (401 – 17) • Sent to the Senate, where it again awaits further action
Virtual Trials • CROs increasingly undertaking “virtual trials” in which participants are remote • May ease clinical trial costs where available
Third-Party Litigation Funding • Does it make litigation more likely? • Courts to consider the issue have largely allowed plaintiffs’ funding sources to remain undisclosed as irrelevant to the case. https://www.nytimes.com/2018/04/14/business/vaginal-mesh-surgery-lawsuits-financing.html
HIPAA Enforcement Looks to Be Ramping Up • Medical devices with software components and medical software makers should take note and ensure appropriate data protection measures are in place.
Brexit • If there’s no deal, the UK’s participation in the European regulatory network would cease. • Drugs - The MHRA would take on the functions currently undertaken by the EU for medicines on the UK market. • Medical Devices – UK will recognize medical devices approved for the EU market and CE-marked.
Thank you! • Risk Management Department, 703.652.1362, RiskManagement@medmarc.com • Courtney Young, Esq., 703.652.1385, CourtneyYoung@medmarc.com • Kate Klaus, Esq., 703.652.1330, KathrynKlaus@medmarc.com
Disclaimer • All statements and opinions in this publication are for informational and educational purposes only. None of the information presented should be considered as offering legal advice or legal opinion. We are not liable for any errors, inaccuracies or omissions. In the event any of the information presented conflicts with the terms and conditions of any policy of insurance offered by Medmarc Insurance Group, the terms and conditions of the actual policy will apply.