< the federal Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 ("HITECH") and their respective implementing regulations, including the Final Omnibus Rule published in January 2013, which impose requirements on certain covered healthcare providers, health plans, and healthcare clearinghouses as well as their respective business associates, independent contractors or agents of covered entities, that perform services for them that involve the creation, maintenance, receipt, use, or disclosure of, individually identifiable health information relating to the privacy, security and transmission of individually identifiable health information. HITECH also created new tiers of civil monetary penalties, amended HIPAA to make civil and criminal penalties directly applicable to business associates, and gave state attorneys general new authority to file civil actions for damages or injunctions in federal courts to enforce the federal HIPAA laws and seek attorneys’ fees and costs associated with pursuing federal civil actions. In addition, there may be additional federal, state and non-U.S. laws which govern the privacy and security of health and other personal information in certain circumstances, many of which differ from each other in significant ways and may not have the same effect, thus complicating compliance efforts. In addition, HIPAA, which created new federal criminal statutes that prohibit a person from knowingly and willfully executing, or attempting to execute, a scheme to defraud any healthcare benefit program or obtain, by means of false or fraudulent pretenses, representations or promises, any of the money or property owned by, or under the custody or control of, any healthcare benefit program, regardless of the payor (e.g., public or private) and knowingly and willfully falsifying, concealing or covering up by any trick or device a material fact or making any materially false, fictitious, or fraudulent statements or representations in connection with the delivery of, or payment for, healthcare benefits, items or services relating to healthcare matters; similar to the federal Anti-Kickback Statute, a person or entity does not need to have actual knowledge of the statute or specific intent to violate it in order to have committed a violation. < the federal false statements statute, which prohibits knowingly and willfully falsifying, concealing or covering up a material fact or making any materially false statement in connection with the delivery of or payment for healthcare benefits, items or services; < the federal transparency requirements under the federal Physician Payments Sunshine Act requires certain manufacturers of drugs, devices, biologics, and medical supplies for which payment is available under Medicare, Medicaid, or the Children’s Health Insurance Program, with specific exceptions, to report annually to HHS information regarding any payment or other “transfer of value” made or distributed to healthcare professionals (currently defined to include doctors, dentists, optometrists, podiatrists, and chiropractors) and teaching hospitals, as well as ownership and investment interests held by the healthcare professionals and their immediate family members. Failure to submit required information may result in civil monetary penalties for all payments, transfers of value or ownership or investment interests that are not timely, accurately, and completely reported in an annual submission. Effective January 1, 2022, these reporting obligations will extend to include transfers of value made to certain nonphysician providers such as physician assistants and nurse practitioners. < federal price reporting laws, which require manufacturers to calculate and report complex pricing metrics in an accurate and timely manner to government programs; < federal consumer protection and unfair competition laws, which broadly regulate marketplace activities and activities that potentially harm consumers; and < The Foreign Corrupt Practices Act ("FCPA"), which prohibits companies and their intermediaries from making, or offering or promising to make, improper payments to non-U.S. officials for the purpose of obtaining or retaining business or otherwise seeking favorable treatment. Additionally, we may be subject to state and non-U.S. equivalents of each of the healthcare laws described above, among others, some of which may be broader in scope and may apply regardless of the payor. Many U.S. states have adopted laws similar to the federal Anti-Kickback Statute, some of which apply to the referral of patients for healthcare services reimbursed by any source, not just governmental payors, including private insurers. In addition, some states have passed laws that require pharmaceutical companies to comply with the April 2003 Office of Inspector General Compliance Program Guidance for Pharmaceutical Manufacturers and/or the Pharmaceutical Research and Manufacturers of America’s Code on Interactions with Healthcare Professionals. Several states also impose other marketing restrictions or require pharmaceutical companies to make marketing or price disclosures to the state. There are ambiguities as to what is required to comply with these state requirements, and if we fail to comply with an applicable state law requirement, we could be subject to penalties. Finally, there are state and non-U.S. laws governing the privacy and security of health information, many of which differ from each other in significant ways and often are not preempted by HIPAA, thus complicating compliance efforts. Because of the breadth of these laws and the narrowness of the statutory exceptions and safe harbors available, it is possible that some of our business activities could be subject to challenge under one or more of such laws. Violations of fraud and abuse laws may be punishable by criminal and/or civil sanctions, including penalties, fines, disgorgement, imprisonment and/or exclusion or suspension from federal and state healthcare programs such as Medicare and Medicaid and debarment from contracting with the U.S. government. In addition, private individuals have the ability to bring actions on behalf of the U.S. government under the federal False Claims Act as well as under the false claims laws of several states. Law enforcement authorities are increasingly focused on enforcing these laws, and it is possible that some of our practices may be challenged under these laws. Efforts to ensure that our current and future business arrangements with third parties, and our business generally, will comply with applicable healthcare laws and regulations will involve substantial costs. It is possible that governmental authorities will conclude that our business practices, including our arrangements with physicians and other healthcare providers, some 32
RkJQdWJsaXNoZXIy NTIzOTM0