On November 2, 2022, Stacy Cline Amin, former Chief Counsel of the U.S. Food and Drug Administration (FDA) and Deputy General Counsel of the Department of Health and Human Services (HHS), moderated the panel “Compliance and Cybersecurity Challenges in Clinical Trial Enforcement,” during the Food and Drug Law Institute’s Clinical Trials: Deconstructing Challenges and Providing Practical Insights Conference. The panel featured a high-ranking attorney from the Department of Justice’s (DOJ) Consumer Protection Branch (CPB) and other regulatory compliance leaders to discuss key trends and issues in clinical trial enforcement that underscored the need to ensure appropriate compliance measures are in place to avoid future investigations.
Key takeaways regarding the trajectory of clinical trial fraud investigations and enforcement actions include:
- Investigation and Prosecution Targets
One of the most notable comments from the panel was the confirmation that DOJ is looking not only at the activity of individuals (e.g., clinical trial site owners or executives) but also big corporate actors (e.g., sponsors or CROs), with a specific focus on the submission of false and misleading data to FDA and obstruction of FDA and other regulators. DOJ is also looking at cases where the data at the investigator level may be honest and accurate, but where sponsors may have decided to shape it a certain way or omit information—something that can be exacerbated in a biotech environment, where start-ups may be under pressure to show results for the next round of funding. The DOJ is also highly attuned to bad actors whose activities may subject clinical trial participants to harm, such as a clinical trial intentionally providing experimental treatment to a patient they know does not qualify to participate in the study. - Charging Mechanisms – Use of the Food Drug and Cosmetic Act (FDCA)
Historically, DOJ has used traditional criminal tools like wire fraud and obstruction to prosecute criminal activity in this space. Recently, DOJ has trended to also looking at pursuing cases under the FDCA, including felony or misdemeanor criminal actions, since sponsors are responsible for monitoring investigations, compliance with reporting requirements for clinical trials, and maintaining accurate records. An example is to charge application fraud. However, DOJ has also indicated that even if they choose not to bring a case under the FDCA, such violations can bolster the other criminal charges they may pursue, such as conspiracy under Title 18. It was also noted that DOJ is considering whether it should more frequently exercise its enforcement discretion, both civil and criminal, for a responsible party’s failure to register a clinical trial and submit the results on clinicaltrials.gov. As to other actions, the DOJ noted that it anticipates bringing criminal actions for money laundering and identity theft, as well as civil actions under the False Claims Act. - The Influence of FDA Inspection Classification on DOJ Actions
DOJ gave a clear answer that FDA inspection classification is not determinative of whether DOJ will bring an action. While DOJ noted that FDA inspection classification is informative, they also noted that DOJ’s inspection and investigation tools differ from FDA. DOJ’s tools, such as search warrants, are designed to unearth criminal activity. Indeed, the DOJ further noted that a fraudulent actor may misrepresent their activities to FDA during an inspection, which means that a glowing inspection classification may just be one additional incidence of clinical trial fraud. - Special Attention to Cybersecurity and Digital Enrollment
With the advent of clinical trial process digitalization due to COVID-19, clinical trial sites have intrinsically bound digital operations into their business models. However, the speed of incorporating these digital tools may not be matched with the necessary compliance mechanisms to ensure subject and data integrity. In the clinical trial timeline, there are four key digital concerns that industry must address to ensure compliance. - Finding the participant: Some patient populations are at a premium, especially if a therapeutic is targeting a rare disease. While using digital technologies can greatly expand the ability to locate appropriate participants, digital misfires happen, and the system should have appropriate confirmation tools to ensure the participant is appropriate for the study.
- Enrolling the participant: Once an appropriate participant is found, they must consent to the study. Electronic informed consent is entirely acceptable, but only if it is properly executed. An example of a potential misstep is if the patient experiences connectivity issues while a healthcare provider is explaining what the study entails. In such a situation, the patient’s consent may not actually be informed, so telemedicine engagements should contain protocols to ensure the participant is able to fully and informedly engage with the healthcare provider.
- Securing the participant’s data: Participant health data may be subject to HIPAA and other privacy and electronic security requirements. Clinical trials should design their digital databanks to comply with appropriate security and privacy protocols and ensure that employees are trained on how to use these systems.
- Reporting health information and outcomes: In the context of larger clinical trials, using inaccurate or misleading algorithms to self-report or synthesize health information may subject the trial to fraud, waste, and abuse liability. This highlights the important need to manage the risks with benefits of using digital technologies in clinical trials.
- What Sponsors and Other Corporate Actors Can Do to Mitigate DOJ Enforcement Risk
DOJ places great weight on whether sponsors have implemented and maintained an effective compliance program, which generally includes training, procedures, and auditing mechanisms used by sponsors in this space. Specifically, DOJ considers the sponsor’s oversight and communication flow with CROs, escalation procedures and whether they were followed, what questions were asked, whether documentation or records are accessible to the sponsor, whether there was self-reporting to FDA, and in some cases, whether there was self-reporting to DOJ. These factors underscore the need for sponsors to conduct meaningful due diligence and proactively monitor and audit potential clinical investigators and CROs.
MoFo’s FDA + Healthcare Regulatory and Compliance practice works seamlessly with our Investigations + White Collar Defense, Global Ethics + Compliance, Life Sciences Transactions + Licensing, and Privacy + Data Security practice groups to ensure that life sciences companies remain compliant with all federal and state requirements. Please subscribe and follow our Life Sciences Blog, as we continue to update industry on new developments in compliance.
Kai Mindick, a Law Clerk in our Austin office, contributed to the writing of this alert.