Although we do not currently have any products on the market, if we obtain FDA approval for our product candidates, and begin commercializing those products in the United States, our operations may be directly, or indirectly through our prescribers, customers and third-party payors, subject to various U.S. federal and state healthcare laws and regulations, including, without limitation, the U.S. federal Anti-Kickback Statute, the U.S. federal civil and criminal false claims laws and Physician Payments Sunshine Act and regulations. Healthcare providers, physicians and others play a primary role in the recommendation and prescription of any products for which we obtain marketing approval. These laws may impact, among other things, our current business operations, including our clinical research activities proposed sales and marketing and education programs and constrain the business or financial arrangements and relationships with healthcare providers, physicians and other parties through which we market, sell and distribute our products for which we obtain marketing approval. In addition, we may be subject to patient data privacy and security regulation by both the U.S. federal government and the states in which we conduct our business. Finally, we may be subject to additional healthcare, statutory and regulatory requirements and enforcement by foreign regulatory authorities in jurisdictions in which we conduct our business. The U.S. laws that may affect our ability to operate include:
- the U.S. federal Anti-Kickback Statute, which prohibits, among other things, persons or entities from knowingly and willfully soliciting, offering, receiving or paying any remuneration (including any kickback, bribe, or certain rebates), directly or indirectly, overtly or covertly, in cash or in kind, to induce or reward either the referral of an individual for, or the purchase, lease, order or recommendation of, any good, facility, item or service, for which payment may be made, in whole or in part, under U.S. federal and state healthcare programs such as Medicare and Medicaid. A person or entity does not need to have actual knowledge of the statute or specific intent to violate it in order to have committed a violation;- the U.S. federal false claims and civil monetary penalties laws, including the civil False Claims Act, which, among other things, impose criminal and civil penalties, including through civil whistleblower or qui tam actions, against individuals or entities for knowingly presenting, or causing to be presented, to the U.S. federal government, claims for payment or approval that are false or fraudulent, knowingly making, using or causing to be made or used, a false record or statement material to a false or fraudulent claim, or from knowingly making a false statement to avoid, decrease or conceal an obligation to pay money to the U.S. federal government. In addition, the government may assert that a claim including items and services resulting from a violation of the U.S. federal Anti-Kickback Statute constitutes a false or fraudulent claim for purposes of the False Claims Act;- the U.S. federal Health Insurance Portability and Accountability Act of 1996 ("HIPAA") which imposes criminal and civil liability for, among other things, knowingly and willfully executing, or attempting to execute, a scheme to defraud any healthcare benefit program, or knowingly and willfully falsifying, concealing or covering up a material fact or making any materially false statement, in connection with the delivery of, or payment for, healthcare benefits, items or services; similar to the U.S. federal Anti-Kickback Statute, a person or entity does not need to have actual knowledge of the statute or specific intent to violate it in order to have committed a violation;- HIPAA, as amended by the Health Information Technology for Economic and Clinical Health Act ("HITECH") enacted as part of the American Recovery and Reinvestment Act of 2009, and its implementing regulations, and as amended again by the Modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules Under HITECH and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules, commonly referred to as the Final HIPAA Omnibus Rule, published in January 2013, which imposes certain obligations, including mandatory contractual terms, on covered entities subject to HIPAA (i.e., health plans, healthcare clearinghouses and certain healthcare providers), as well as their business associates that perform certain services for or on their behalf involving the use or disclosure of individually identifiable health information, to safeguard the privacy, security and transmission of individually identifiable health information from any unauthorized use or disclosure;- the FDCA, which prohibits, among other things, the adulteration or misbranding of drugs, biologics and medical devices;- the U.S. federal Physician Payments Sunshine Act, enacted as part of the ACA, and its implementing regulations, which require certain manufacturers of drugs, devices, biologics and medical supplies that are reimbursable under Medicare, Medicaid, or the Children's Health Insurance Program to report annually to CMS information related to certain payments and other transfers of value to physicians (defined to include doctors, dentists, optometrists, podiatrists and chiropractors) and teaching hospitals, as well as ownership and investment interests held by the physicians described above and their immediate family members;- analogous state laws and regulations, including: state anti-kickback and false claims laws, which may apply to our business practices, including, but not limited to, research, distribution, sales and marketing arrangements and claims involving healthcare items or services reimbursed by any third-party payor, including private insurers;- state laws that require pharmaceutical companies to comply with the pharmaceutical industry's voluntary compliance guidelines and the relevant compliance guidance promulgated by the U.S. federal government, or otherwise restrict payments that may be made to healthcare providers and other potential referral sources;- state laws and regulations that require drug manufacturers to file reports relating to pricing and marketing information, which requires tracking gifts and other remuneration and items of value provided to healthcare professionals and entities;- state and local laws that require the registration of pharmaceutical sales representatives; and - state laws governing the privacy and security of personal information, including personal health information in certain circumstances, many of which differ from each other in significant ways and often are not preempted by HIPAA, thus complicating compliance efforts.
Ensuring that our internal operations and current and future business arrangements with third parties comply with applicable healthcare laws and regulations will involve substantial costs. It is possible that governmental authorities will conclude that our business practices do not comply with current or future statutes, regulations, agency guidance or case law involving applicable fraud and abuse or other healthcare laws and regulations. If our operations are found to be in violation of any of the laws described above or any other governmental laws and regulations that may apply to us, we may be subject to significant penalties, including civil, criminal and administrative penalties, damages, fines, exclusion from U.S. government funded healthcare programs, such as Medicare and Medicaid, or similar programs in other countries or jurisdictions, disgorgement, individual imprisonment, contractual damages, reputational harm, diminished profits, additional reporting requirements and oversight if we become subject to a corporate integrity agreement or similar agreement to resolve allegations of non-compliance with these laws and the curtailment or restructuring of our operations. Further, defending against any such actions can be costly, time-consuming and may require significant financial and personnel resources. Therefore, even if we are successful in defending against any such actions that may be brought against us, our business may be impaired. If any of the physicians or other providers or entities with whom we expect to do business is found to not be in compliance with applicable laws, they may be subject to criminal, civil or administrative sanctions, including exclusions from government funded healthcare programs and imprisonment. If any of the above occur, it could adversely affect our ability to operate our business and our results of operations.