What You Don't Know Can Hurt You—Keys to Handling an FDA Investigation

The Food & Drug Administration (FDA), like most federal agencies, has a law-enforcement component. At the FDA, that  section is known as the Office of Criminal Investigation or OCI. While most physicians and health-care businesses are familiar with agencies like the Department of Health and Human Services Office of Inspector General (HHS-OIG), the Federal Bureau of Investigation (FBI), and even the Drug Enforcement Administration (DEA), the FDA's OCI is less well known. But in law as in medicine, what you don't know can hurt you.

The FDA OCI's mission is to investigate suspected criminal violations related to FDA-regulated products and public health generally. The primary types of violations OCI investigates are violations of the Food, Drug & Cosmetic Act (FDCA). Like many health-and-welfare statutes, the FDCA is the statutory source for a complex web of regulations. The Act and its regulations focus on drugs, devices and items that are adulterated, deleterious, or misbranded, among many other things. They also authorize various types of inspections and provide for administrative and civil penalties.

Importantly, aside from these regulatory aspects, the FDCA also contains over 50 prohibited acts for which there are criminal penalties. Potential criminal violations include introducing a ‘‘misbranded’’ food or drug into interstate commerce; mutilating the labeling of a food, drug, or device; misconduct in clinical trials; running afoul of importation requirements; failing to register as a drug or device producer; and many more.

While some health care practitioners may think that criminal statutes only ensnare unethical doctors or dyed-in-the-wool fraudsters, they do so at their peril. Unlike most criminal statutes, the FDCA is a strict liability statute. That means there is no intent requirement and entirely unintentional—even unknowing—conduct can lead to liability. What’s more, under the ‘‘responsible corporate officer’’ doctrine (sometimes referred to as the Park doctrine after the Supreme Court case sanctioning it), an executive or doctor who has control over the business might be held vicariously liable for the activity causing the violation.

Consider just one example: a medical practice’s purchasing manager finds a medication on the Internet be to their normal distributor. The medication is manufactured by the same manufacturer and has nearly identical packaging. The purchasing manager orders the medication, and the physicians in the practice use it without problem. If it turns out that medication was intended for a foreign market instead of the U.S.—and therefore is potentially ‘‘misbranded’’ despite being chemically identical—the physicians and management of the practice could be subject to criminal penalties under the FDCA, exclusion from Medicare, a False Claims Act suit if they sought government reimbursement, or hefty fines.

While Park doctrine cases have been relatively rare, the Department of Justice (DOJ) recently reaffirmed and strengthened its policy toward prosecuting individuals for corporate misconduct. That policy announcement, known as the Yates Memo after its author, Deputy Attorney General Sally Yates, provides powerful incentives for prosecutors to focus even more on individual prosecutions. But proving criminal intent, especially in corporate fraud cases, can be very hard since conduct is diffused throughout an organization. As a result, FDCA cases could be especially alluring to prosecutors since they require a much lower standard of proof and the ability to reach high-level executives through the Park doctrine. Bottom line: there are high stakes and many pitfalls under the FDCA for medical practices and life science companies—and the threats are increasing. So what are some of the keys to avoiding or to best handling an FDA investigation? Here are five:

1. Have a compliance plan—and follow it. Most health-care and life-science companies have a compliance plan. If you do, be sure that FDCA issues are appropriately addressed. If your company or practice doesn’t have a compliance plan, it should implement one and train its employees on the plan. That last part is important. The only thing worse than not having a compliance plan is having one in name only.

2. Be prepared when the government comes knocking. Unlike some government agencies, the FDA has broad powers of inspection under the FDCA. But those powers are not unlimited and don’t apply in all situations. Moreover, visits by OCI agents specifically are not ‘‘mere audits’’; they indicate a criminal investigation in progress and should be handled with appropriate care. Companies and practices should have a policy for handling official government requests and, at a minimum, staff need to know who to call when there is a government inquiry.

3. Be especially cautious in making any statements. As a best practice, it’s always wise to have legal counsel with you when speaking to a government agent. Any statements made, whether in a formal interview or not, can be used against a company, a practice, or the individual. While companies should never request that staff not speak to government representatives – doing so could constitute obstruction of justice – they should educate their staff on their rights to have counsel or a company representative with them if they wish to have them present.

4. Be skeptical of too-good-to-be-true deals. If you ordinarily purchase a medication for $500, and you suddenly find it for $350, be skeptical. Likewise, minor changes in logos or branding, labeling in a foreign language, or other irregular features are red flags. While not all discounted drugs are ‘‘counterfeit,’’ they may still trigger liability because they are intended for a foreign country and have not followed the same supply-chain requirements under U.S. regulations, thus potentially rendering them ‘‘misbranded.’’

5. Know what you don’t know. The FDCA’s prohibited acts cover far more than counterfeit or misbranded drugs. If you work in a regulated area within the FDA’s purview, you are potentially at risk. The best time to learn is before an agent appears in your lobby.

Permission to republish. This article first appeared in Bloomberg BNA on March 4, 2016.