As federal spending on health care increases in response to the COVID-19 pandemic, including spending on medical devices and diagnostic and laboratory tests, companies should expect close scrutiny from federal prosecutors, particularly where conduct poses a risk to patient health and safety. Few sectors within the health care space have received greater scrutiny from U.S. Department of Justice prosecutors than medical technology companies. We analyzed settlements with such companies (including device manufactures, laboratories and health technology vendors) from 2014 to 2019 and found the following: 67 companies reached settlements totaling more than $1.9 billion in fines, penalties and forfeitures. Kickbacks were the most common type of alleged misconduct, followed by unlawful promotional practices and quality and manufacturing problems. Corporate compliance programs—updated and adapted to address current and emerging risk areas—are essential in mitigating potential actions.

The Years in Numbers: Settlement Statistics

Medical technology enforcement activity was steady throughout the past six years, with a high of 14 settlements in both 2016 and 2019 and a low of eight settlements in 2017. The value of settlements ranged widely over the six years studied. Nine settlements were valued at $1 million and below, 31 were between $1 million and $10 million, and 30 settlements were between $10 million and $100 million. Three settlements were valued at over $100 million.

Kickbacks, Unlawful Promotion and Quality Issues Account for Most Medical Technology Cases

Kickbacks and inducements are the biggest risk area for medtech companies. Based on our analysis, 49% of settlements cited kickbacks and inducements as the alleged misconduct. These settlements resolved allegations of improper payments to prescribers, customers or others in a position to purchase, prescribe or recommend a company's products. Speaker programs and consulting payments received the closest DOJ scrutiny and pose the greatest financial risk to companies. Because prosecutors know where and how to look for misconduct in this area, it is no longer sufficient for companies to look solely at company relationships with speakers when assessing speaker program risks. Rather, where attendees are provided meals or other valuable items, speaker program controls should address program attendees to ensure they have a legitimate need for the information presented and are not "frequent flyers" at such events.

The DOJ has also taken active enforcement measures against gifts, free or discounted practice development and market development support, improper payments to distributors such as pharmacies, and improper relationships with co-pay charitable foundations. Prosecutors use Sunshine Act reports to access detailed information about a company's financial relationships with health care providers; companies therefore should review such reports for compliance red flags and tailor monitoring and auditing programs. Companies would do well to understand the financial implications a potential suit in this area may bring. One settlement—valued at $350 million—represents the largest False Claims Act recovery by the United States in a kickback case involving a medical device company to date.

Promotional misconduct is also an active area of scrutiny by the DOJ. Twenty-seven percent of settlements alleged improper promotional practices. Prosecutors have focused on conduct that is false and misleading, or conduct that presents a substantial risk to patient health and safety. The alleged behavior included selling medical devices not approved or cleared by the U.S. Food and Drug Administration, promoting devices for unapproved uses or claiming a device produced certain results while lacking sufficient evidence to support the claim. The potential for consumer and patient harm seems to be the DOJ's predominant consideration, as cited by senior DOJ officials and prosecutors. To protect themselves, companies should address and resolve critical monitoring or audit findings, as unaddressed audit findings can be powerful evidence for prosecutors in assessing corporate knowledge.

Twelve percent of settlements alleged quality and manufacturing violations. Though the DOJ pursued fewer cases in this area, these enforcement actions were far more likely to include criminal components. The resolved cases involved a variety of issues, including the distribution of contaminated ultrasound gel, distribution of contaminated drug delivery devices, manufacture of sterile solutions in nonsterile facilities, removal from the market of an adulterated product without notifying FDA, and distribution of faulty diagnostic testing devices. Of the nine settlements related to quality and manufacturing violations, more than half involved a criminal component. Given this heightened risk, corporate compliance controls around manufacturing and quality are essential. Companies must ensure their reporting mechanisms allow legal and compliance departments real-time visibility into problems that pose patient health and safety risks.

DOJ prosecutors pursued a significant number of criminal cases against employees and executives of medtech companies. Collectively, the DOJ prosecuted 15 individuals in this six-year period and cited potential harm to patients as a motivating factor in four actions. Going forward, this focus on individual culpability is likely to continue, including in cases that result in significant patient harm.

Implications for Medical Technology Companies

Medtech companies will continue to be an enforcement priority for federal prosecutors. As federal spending on health technologies grows, companies can expect increased federal oversight and enforcement scrutiny. The most common commercial activities by medtech companies—speaker programs, consulting arrangements and detailing and promotional activities—have inherent risks. Prosecutors are adept at rooting out misconduct in these areas and know which legal theories will likely succeed. False Claims Act whistleblowers continue to be the most common trigger for DOJ scrutiny, given the DOJ's statutory obligation to look into whistleblower complaints. Thus, there is reason to believe that whistleblower complaints will continue to be filed against medtech companies.

What should companies do? Companies should review their compliance controls in each of the identified risk areas. Financial relationships with those who purchase, prescribe or recommend a company's product inherently create risk. While policies and training are necessary, companies should implement rigorous back-end monitoring and auditing to promptly identify and mitigate compliance programs. Similarly, companies should assess their front- and back-end controls around quality and manufacturing, including effective mechanisms to elevate problems such as adverse audit findings. Companies should also ensure they have a means to track identified compliance problems to ensure they are addressed and remedial actions taken in a timely fashion. Each of these areas may require additional compliance resources. Such investments are important as U.S. prosecutors, aided by whistleblowers, continue to make medtech companies an enforcement priority.

John Bentivoglio, Jennifer Bragg and Maya Florence are partners and Pamela Amaechi is an associate at Skadden, Arps, Slate, Meagher & Flom.