Proposed Changes to HSR Rules for Pharmaceutical Companies

by Jon B. Dubrow and Carla A. R. Hine

Today the Federal Trade Commission (FTC) announced proposed changes to the Hart-Scott-Rodino (HSR) premerger notification rules that will impact the types of transactions for which pharmaceutical companies will be required to file HSR notifications with the Department of Justice and FTC.  The proposed rulemaking is meant to clarify when a transfer of exclusive rights to a patent in the pharmaceutical industry results in a potentially reportable acquisition of assets under the HSR Act.

Previously -- although never actually codified -- the FTC would determine whether the transfer of rights to a patent (usually in the form of a license) was a reportable event under the HSR Act by focusing on whether the licensor transferred the exclusive rights to "make, use and sell" under a patent.  The emphasis on the transfer of the exclusive right to manufacture would result in scenarios where parties would not be required to report the transfer of patent rights because although the licensor transferred the rights to commercialize the product, it retained the right to manufacture the product.

In an effort to place substance over form, the proposed rulemaking instead suggests an "all commercially significant rights" test, where a transfer of "the exclusive rights to a patent that allow only the recipient of the exclusive patent rights to use the patent in a particular therapeutic area (or specific indication within a therapeutic area)" would constitute a potentially reportable acquisition of assets if the size-of-transaction and size-of-person (if applicable) thresholds are met, and no exemption is applicable.  The proposed rules further explain that all commercially significant rights are transferred even if the patent holder retains limited manufacturing rights to provide the licensee with product(s) covered by the patent, or co-rights to assist the licensee in developing and commercializing the product(s) covered by the patent.  Please note that this rule would only apply to patents within the pharmaceutical industry (as this is the industry in which these scenarios most often occur).

The text of the proposed rulemaking can be found here.  The FTC is accepting comments until October 25, 2012.

Workshop Examines Effects of Waiver Authority on Development of ACOs

The FTC, CMS and OIG hosted a public workshop on October 5, 2010, featuring panel and listening discussions on regulatory issues surrounding how the development and operation of accountable care organizations would be affected by the use of waivers, safe harbors and other exceptions to various fraud and abuse laws.

Click here for more information.

Accountable Care Organizations: FTC, CMS, OIG Hosting Public Workshop on October 5, 2010

On October 5, 2010, the FTC, CMS and OIG will host a public workshop featuring a listening session on various legal issues related to ACOs, including antitrust, physician self-referral, anti-kickback and civil monetary penalty laws.  Registration for the workshop is currently closed, but the listening session is available to all.

Click here to view the full article.

Security Breach Notifications

The Facts

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) includes significant investment in health information technology to facilitate the adoption of a U.S.-wide health information network and requires HIPAA covered entities, business associates, vendors of personal health records and related entities to notify individuals when their personal health information is subject to a breach of security.  The U.S. Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) recently issued rules relating to these security breach notification requirements.  Compliance with these regulations will require the expenditure of significant time and expense, and, therefore, health care and related industries should begin immediately familiarizing themselves with the rulemakings and updating their processes and procedures to comply accordingly. 

What’s at Stake

HIPAA covered entities, business associates, vendors of personal health records and related entities could be subject to penalties for not properly notifying patients or customers, as applicable, of security breaches involving the patients’ or customers’ individually identifiable health information.  Note that while the HHS rule is effective September 23, 2009, HHS will delay enforcement for six months.  This means that HHS will not impose sanctions for failure to provide the required notification for breaches discovered before February 22, 2010.  Similarly, while the FTC rule is effective September 24, 2009, the FTC will delay enforcement for six months.  This means that the FTC will not impose sanctions for failure to provide the required notification for breaches discovered before February 22, 2010.

Steps to Consider

  • If your organization is a HIPAA covered entity, business associate, vendor of personal health records or related entity, review the HHS and FTC regulations, which can be viewed here and here, respectively. 
  • Affected entities should immediately begin to develop a compliance plan, because the effective date of the HHS rule is September 23, 2009, and the effective date of the FTC rule is September 24, 2009.
  • Consider filing comments on the HHS rule on or before the October 23, 2009, deadline. 
  • For a summary of these regulations, review McDermott’s White Paper entitled “Regulatory Update: HITECH’s HHS and FTC Security Breach Notification Requirements.”