For Blood & Biologics

Legal Risks Affecting Blood Banks
by Cathy Burgess, Counsel, Crowell & Moring, LLP




Share This Article





Blood banking is a high risk business. Some risks are obvious; others are not well understood. This article is by no means a comprehensive analysis of risks affecting blood banks. It identifies certain high risk areas and makes recommendations about risk mitigation, but is not intended to provide legal advice.

Products

Blood is regulated as a drug under the federal Food, Drug and Cosmetic Act (FDCA) and as a biologic under the Public Health Service Act (PHSA). The FDCA prohibits the introduction of misbranded or adulterated products into interstate commerce. In order to minimize the likelihood that unsuitable products will be distributed, FDA requires blood establishments to comply with current good manufacturing practice (CGMP) regulations1. The CGMP regulations and FDA's inspection process are designed to ensure that drug manufacturers operate in a state of control. Widespread or persistent CGMP violations indicate a lack of control, and increase the likelihood that a manufacturer will release defective products and harm patients.

Courts have held that blood products produced in violation of CGMPs are adulterated, even if they are not contaminated2 or unsafe3. Moreover, a single CGMP violation renders a product "adulterated."4 If the product label does not accurately describe the product (e.g., incorrect blood type, incorrect expiration date, unlicensed product listed as licensed), the product is misbranded.

Blood establishments should make CGMP compliance a top priority because the risks associated with systemic or persistent non-compliance are significant. FDA has an array of options: the agency can subject an establishment to repeated inspections, issue warning letters, seize product and sue for injunctive relief. If an establishment's compliance problems are particularly egregious, there is also the risk of criminal liability.

The penalties for misdemeanors are imprisonment for up to one year, a fine of $1,000 or both. Felonies can result from the same conduct as misdemeanors if the defendant has already been convicted under the FDCA or the defendant knowingly ships drugs that are adulterated, with the specific intent to defraud or mislead. Other federal criminal violations include: making false or misleading statements to a federal agency, concerning any material fact within its jurisdiction (imprisonment for up to five years); fraudulent conduct involving mail or telephone communications (imprisonment for up to 20 years); conspiracy to engage in illegal activity (imprisonment for up to 5 years).

People

  • Physical injury: Donors and recipients

A blood establishment has a legal obligation to ensure that donors and recipients are not harmed by its negligence. The proper exercise of due care, however, does not insulate the blood establishment from litigation. Blood donation is an invasive process, and even with appropriate safeguards, there is a risk of donor injury. Recipients of blood products are often critically ill, and in many cases, it is difficult to determine whether the transfusion was the cause of patient injury.

While state negligence laws vary significantly, a plaintiff must prove four elements to establish negligence: (1) the blood establishment owed a duty of care to the plaintiff; (2) the blood establishment breached its duty of care; (3) the plaintiff's injury was directly or proximately caused by the breach; and (4) the plaintiff suffered damages as the result of the breach.

Establishments can mitigate the risk of donor injury and possible litigation by following best practices for preventing and responding to adverse reactions at the collection site, providing postdonation care and contact information, providing compensation for immediate emergency care, and adhering to good recordkeeping practices.

With regard to recipient injuries, most states exempt blood from strict liability under blood shield laws, recognizing that blood products cannot be chemically treated or sterilized to ensure safety. Most litigation in this area involves claims of negligent or ineffective donor screening or infectious disease testing. In most jurisdictions, blood establishments have successfully defended against such claims by demonstrating, through expert testimony, that the establishment has complied with FDA requirements or recommendations of standard setting organizations, such as AABB.5

  • Physical injury: Employees

Blood establishments also have legal obligations to protect their employees from harm. Of particular importance for blood establishments is the Occupational Exposure to Bloodborne Pathogens Standard, which covers all employees "reasonably anticipated" to contact blood and other potentially infectious materials from bodily fluids. The standard requires employers to:

  • Develop an exposure control plan,
  • Provide mitigation measures (e.g. Hepatitis B vaccinations, personal protective equipment (PPE), engineering controls/practices),
  • Establish post-exposure evaluation and follow-up protocols,
  • Establish a hazard communication program,
  • Provide information and training programs, and
  • Comply with recordkeeping requirements.

Penalties for OSHA violations can range from up to $7,000 for an "other than serious violation," a mandatory penalty of $7,000 for a "serious violation" and up to $70,000 per violation with a minimum penalty of $5,000 for each "willful violation."

  • Security Breach/Identity Theft

A relatively new area of risk for blood establishments arises from unauthorized access to, and use of personal information maintained by the establishment. Failure to establish appropriate safeguards to protect the privacy of donor data could result in identity theft, and expose the blood establishment to potential litigation and a public relations nightmare. Currently forty-four states, D.C., Puerto Rico and the Virgin Islands have security breach notification laws, which require notification in the event of unauthorized access to personal information.

Security breach/identity theft is a relatively new area of risk for blood establishments.
In most jurisdictions, "personal information" includes social security numbers, driver's license numbers and credit card numbers. California also requires notification in the event of a security breach of a computer system containing individually identifiable medical information.

Blood establishments that enter into business associate agreements under HIPAA should be aware that Congress recently amended the HIPAA Privacy Rule, as part of the massive federal economic stimulus legislation, to require notification of security breaches involving unsecured protected health information. Under the new law, business associates are held to the same security standards as covered entities, and are subject to civil and criminal penalties. The law specifically requires business associates to notify covered entities of security breaches.

Finances

  • Fraud and Abuse Laws

Financial relationships between a blood establishment and its customers also create risk for the establishment. Under the federal anti-kickback law, it is a felony to offer anything of value to anyone if one purpose of the offer is to induce the person to purchase or order a product, or "arrange or recommend" the purchase or order of a product for which payment may be made under a federal health care program such as Medicare. There are ways to structure agreements in order to avoid liability, but the blood establishment should seek legal advice to ensure that such arrangements are proper.

The federal physician self-referral law ("Stark") prohibits an entity from receiving federal health care program reimbursement for "designated health services," including therapeutic apheresis, provided to a patient who is referred by a physician if the physician or an immediate family member has a financial relationship with the entity. Civil penalties for violation of the Stark law include: refunds or denials of claims; possible exclusion from the Medicare/Medicaid program; up to a $15,000 civil monetary penalty per tainted referral if the person knows or should know that the service would not be paid for by Medicare/Medicaid because of the financial relationship; and up to a $100,000 civil monetary penalty for entering into a scheme to circumvent the Stark law. The Stark law provides exceptions, e.g., for personal service arrangements and bona fide employment, but these arrangements must fit squarely within the exception to be protected.

The federal physician self-referral law ("Stark") prohibits an entity from receiving federal health care program reimbursement for "designated health services," including therapeutic apheresis, provided to a patient who is referred by a physician if the physician or an immediate family member has a financial relationship with the entity. Civil penalties for violation of the Stark law include: refunds or denials of claims; possible exclusion from the Medicare/Medicaid program; up to a $15,000 civil monetary penalty per tainted referral if the person knows or should know that the service would not be paid for by Medicare/Medicaid because of the financial relationship; and up to a $100,000 civil monetary penalty for entering into a scheme to circumvent the Stark law. The Stark law provides exceptions, e.g., for personal service arrangements and bona fide employment, but these arrangements must fit squarely within the exception to be protected.

  • Antitrust Laws

Arrangements with competitors can create significant antitrust liability under the Sherman Act. The most obvious example of anticompetitive behavior is an agreement with a competitor to fix prices, which is almost always illegal. Other types of anticompetitive behavior are less obvious. For example, an exclusive contract with a hospital violates the antitrust laws if the contract unreasonably blocks competition. Similarly, threatening a refusal to deal with a hospital that purchases products or services from another blood bank is an antitrust violation if there is risk of market domination. Finally, agreeing to split territories or customers with another blood bank ("I won't sell in your territory if you won't sell in mine") is almost always illegal. Penalties for violating the Sherman Act can be severe. While most enforcement actions are civil, clear and intentional violations can be subject to criminal prosecution, punishable by up to $100 million in fines for corporations and $1 million for individuals, with up to 10 years in prison.

Blood establishments that have questions regarding their competitive business practices should obtain advice from legal counsel.

Recommendations

Blood establishments should seek to consistently produce and distribute blood and blood products of the highest possible quality. This requires compliance with all applicable FDA requirements, and a clear understanding that quality is built, not tested, into products. Moreover, to the extent that problems arise, a blood establishment must thoroughly investigate problems and prevent their recurrence. This preventive approach will not only reduce the likelihood of enforcement action, but should reduce risk of product liability and negligence claims.

Blood establishments can mitigate risk across all operational areas by understanding their legal obligations, having an effective compliance program and taking prompt corrective action when problems arise. If at all possible, contact legal counsel for advice early on, not after a violation has occurred.

Cathy L. Burgess, Counsel, advises clients on compliance programs, adequacy of SOPs, investigation reports, inspection management, responding to Form FDA 483s and Warning Letters and recalls. She also conducts internal investigations and special audits related to FDA compliance. Cathy's practice includes regulatory advice concerning complex corporate transactions, clinical trials and matters related to blood establishments. Cathy also provides advice on legislative matters affecting FDA regulated entities. She assists in development of legislative strategies, assists clients with testimony, prepares staff for interviews with committee staff and provides advice on pending legislation. She has prepared testimony regarding patent extension under the Hatch-Waxman Act, and prepared position papers on drug pricing for President Clinton's transition team. Prior to joining the firm, Cathy was associate general counsel for the American Red Cross, where she served as regulatory counsel for the organization. In 1992, Cathy was the number two person on the defense team in United States v. Barr Laboratories, Inc., the leading case on current good manufacturing practices for pharmaceutical companies.

Download Free Resources
White Paper: Software Automation in the Blood and Biologics Industry
White Paper: 21 CFR Part 11 System Validation (Risk Management Plan)
Case Study: Iowa Blood


Watch Related Videos

Share This Article





FDA Link

Code of Federal Regulations (CFR) Title 21 Part 600 http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CFRPart=600

Additional Articles

Vowinkwel, Patricia. "In the Blood: A Risk Manager's Fingerprint Identity Solution for an Indiana Blood Bank." Risk & Insurance." Accessed http://findarticles.com/p/articles/mi_m0BJK/is_11_19/ai_n29478126/ 6/11/09.