The Trump Administration has declared this month National Slavery and Human Trafficking Prevention Month, calling on industry associations, law enforcement, private businesses, and others to work toward ending modern slavery and human trafficking. This proclamation follows the Administration’s efforts to combat human trafficking, which we have previously discussed here, and comes on the heels of an OMB memorandum released last fall aimed at “enhanc[ing] the effectiveness of anti-trafficking requirements in Federal acquisition while helping contractors manage and reduce the burden associated with meeting these responsibilities.”
Momentum In Drug Pricing Reform: House Passes New Legislation on the Heels of Presidential Candidates’ Drug Pricing Proposals
Late last week, House Democrats passed Speaker Nancy Pelosi’s Elijah E. Cummings Lower Drug Costs Now Act. This bill would, among other things, permit the Department of Health and Human Services (“HHS”) to negotiate lower prices for 250 of the costliest drugs on behalf of Medicare beneficiaries and other consumers. Although this particular legislation appears to have little chance of passing the Senate and appears to lack support from President Trump, it comes on the heels of several other efforts aimed at reducing prescription drug prices. For instance, the Trump administration has released its drug pricing blueprint to use similar price control mechanisms to lower Medicare drug prices. Additionally, just last month, Senator Cory Booker, along with Senators Bernie Sanders and Kamala Harris, introduced the Prescription Drug Affordability and Access Act (“Act” or “Prescription Act”) to regulate the cost of prescription drugs and threaten the abolishment of patent protections for non-compliant drug manufacturers. The current version of the proposal raises significant questions.
The Prescription Act proposes to create two new bodies: (1) the Bureau of Prescription Drug Affordability and Access (“Bureau”) within HHS to determine list prices for new and existing drugs; and (2) a Consumer Advisory Council (“Council”) comprised of patients, patient organizations, and medicine and health care finance experts to oversee the Bureau. Before a new drug can go to market, the Act obligates drug makers to provide the Bureau with sensitive information regarding the cost of research and development, the cost of the drug and comparable medications in other countries, and the federal investments of the drug’s discovery and production, among other things, in order for the Bureau to determine an “appropriate” price. For drugs already on the market, the Bureau would review the drug manufacturer’s cost profile and set an appropriate price based on the lesser of the Bureau-determined price or the median list price of eleven listed drug reference countries including Japan, Germany, the United Kingdom, France, Italy, Canada, Australia, Spain, the Netherlands, Switzerland, and Sweden. If drug makers charge an “inappropriate” price for a drug – i.e., a price above the amount determined by the Bureau, they must remit a rebate based on the surplus revenue earned to patients affected by the higher price. Further, if a drug maker fails to comply with the Bureau’s list price or remit excessive revenue earned within 30 days of receiving a notice that its price is “inappropriate,” HHS may void any patent related to the medication or clinical trial data or end other government-granted exclusivity. In the event HHS invalidates the patent, the Act contemplates that third parties should provide “reasonable compensation” to the patent holders, but the Act does not discuss how reasonable compensation would be determined.
In addition to the uncertainty regarding the calculation of “reasonable compensation,” the Act (like other similar proposals) does not appear to ensure that a drug product’s price reflects its true value. For instance, although the Bureau may take into account the cost of research and development for the particular drug at issue, there is no guarantee that the Bureau will account for (1) the often significant investment made in unsuccessful attempts to bring other drugs to market, or (2) the savings that a drug might bring to the healthcare market by preventing future illness or avoiding more costly treatment options. Also, the Act’s incorporation of reference pricing does not account for the nuances in healthcare systems in the reference countries, including the availability of alternative treatment methods in those countries.
Providing HHS the authority to invalidate patents and government licenses based on drug maker’s failure to abide by a drug price set on what appears to be an incomplete list of relevant factors promises to create further uncertainty for companies investing in drug product development. Companies would be well advised to continue monitoring progress on the Prescription Act, as well as drug pricing reforms more generally, as we head into an election year where government action on drug pricing appears to remain a central issue.
DoD Releases Version 0.7 of Its Cybersecurity Maturity Model Certification
On December 13, the Department of Defense (“DoD”) released the latest version of its Cybersecurity Maturity Model Certification (“CMMC”). This is the third iteration of the draft model that DoD has publicly released since it issued the first draft in October. (We previously discussed Version 0.4 and Version 0.6 of the CMMC in prior blog posts.)
DoD describes the CMMC as “a DoD certification process that measures a DIB sector company’s ability to protect FCI [Federal Contract Information] and CUI [Controlled Unclassified Information].” DoD has stated publicly that it intends to begin incorporating certification requirements into solicitations starting in Fall 2020, with compliance audits beginning in late 2020 or early 2021. Depending the sensitivity of the information that contractors will receive in the course of performing work for DoD, they will be expected to demonstrate compliance through third party audits with the requirements set forth under one of five certification levels. This applies even where contractors will not be handling FCI or CUI in the course of performing their contracts.[1]
The two most significant updates to the model in this version of the draft are (i) the addition of “Practices” for obtaining Level 4 and 5 certifications, and (ii) an expansion of “clarifications” section, which now covers the requirements of Levels 2 and 3 of the model, in addition to Level 1. These changes and others are discussed in more detail below. Given the expected release in late January 2020, it is likely that the requirements in this draft will closely resemble those that will be set forth in Version 1.0 of the CMMC framework, which is anticipated to serve as the basis for the first contractor audits.
Commerce Department Proposes Rule Impacting Information and Communications Technology Supply Chains
On November 27, 2019, the Department of Commerce issued a proposed rule to implement the May 15, 2019 Executive Order entitled “Securing the Information and Communications Technology and Services Supply Chain.” Once finalized and effective, the regulations will govern the process and procedures that the Secretary of Commerce will use to determine whether certain transactions involving information and communications technology or services (“ICTS”) should be prohibited or otherwise restricted. As currently drafted, the proposed rule goes further than many other legal authorities, in that it allows the government to prohibit or otherwise restrict a broad range of wholly commercial transactions that the Secretary determines present national security risks.
Details on key aspects of the proposed rule are in a Client Alert that we published on November 27, available here. The public comment period remains open until December 27. Given the breadth of the proposed rule and the significant number of open questions, thoughtful comments will be critically important in scoping a final rule. Continue Reading
New FAR Rule Expands Counterfeit Reporting Obligations
Last week, the FAR Council issued a Final Rule, setting forth new FAR provisions that require the reporting of certain counterfeit and suspect counterfeit parts and certain major or critical nonconformances to the Government – Industry Data Exchange Program (“GIDEP”).[1] This Final Rule comes more than five years after the rule was first proposed in the Federal Register in June 2014. The FAR Council describes the Final Rule as “significantly de-scoped” from the version proposed in 2014, but it nonetheless constitutes a significant expansion of the existing counterfeit part reporting obligations, which to date have applied only to electronic parts under DOD contracts.
OFCCP Proposes Rule Removing TRICARE Health Care Providers from Its Regulatory Authority
On November 6, 2019, the Department of Labor’s Office of Federal Contract Compliance Programs (“OFCCP”) issued a Notice of Proposed Rulemaking (“NPRM”) aimed at resolving what OFCCP describes as a “decade of confusion.”[1] At issue is a long-standing question concerning the scope of OFCCP’s enforcement authority over health care providers participating in TRICARE, a federal health care program covering millions of military personnel, veterans, and their families. In particular, the NPRM requests comments on proposed regulations that would amend OFCCP’s definition of “subcontractor” and thereby remove TRICARE providers–and potentially other categories of providers–from OFCCP’s regulatory authority entirely. The deadline for filing comments is December 6, 2019.
What Is Lowest Priced Technically Acceptable? GAO Clarifies Reach of New LPTA Restrictions
As previously discussed on this blog, the National Defense Authorization Act for Fiscal Year 2017 and the NDAA for Fiscal Year 2018 imposed new limitations on when the Department of Defense can use Lowest Price Technically Acceptable source selection methods. Just last month, the Department of Defense issued a final rule amending the Defense Federal Acquisition Regulation Supplement to implement those provisions. Now, in Inserso Corp., B-417791, B-417791.3, Nov. 4, 2019, GAO has weighed in on what counts as LPTA for purposes of those restrictions. This decision may indicate a potentially significant limitation on the reach of the NDAA provisions, new DFARS rule, and proposed FAR rule.
DoD Releases Version 0.6 of its Cybersecurity Maturity Model Certification
On November 7, the Office of the Assistant Secretary of Defense for Acquisition released Version 0.6 of its draft Cybersecurity Maturity Model Certification (CMMC) for public comment. The CMMC was created in response to growing concerns by Congress and within DoD over the increased presence of cyber threats and intrusions aimed at the Defense Industrial Base (DIB) and its supply chains.
The model updates Version 0.4, which DoD released on September 4, 2019, and which we wrote about here. The CMMC establishes the framework necessary for contractors to obtain one of five certification levels necessary to perform work on certain DoD contracts, including those that require the handling of Controlled Unclassified Information. Whereas Version 0.4 merely listed the capabilities, controls, and processes that were expected to apply to each certification level, this version provides some additional discussion and clarification to assist contractors with meeting Level 1 certifications.
DoD has not explicitly asked for comment on this version of the CMMC, and has stated that the updated model is being released “so that the public can review the draft model and begin to prepare for the eventual CMMC roll out.” For this reason, although additional changes are to be expected to the model, contractors should review the general requirements closely to ensure that they are positioned to continue bidding on DoD contracts once DoD begins including a requirement to obtain a specific certification level in Requests for Proposal in Fall 2020. Continue Reading
Not So Fast Guy: Recent GAO Decision Provides Rule For When Agency Deadlines Are Unreasonably Short
Tight deadlines are a fact of life in the world of government contracting. Indeed, it is not unusual for the government to expect a contractor to provide large amounts of information in just a few short days. And the draconian penalty for missing such a deadline is usually the rejection of a proposal.
But can an agency’s deadline be unreasonably short? Yes. In MCR Federal, LLC, GAO determined that the agency’s deadline for submitting its final proposal revision (“FPR”) was so short that it deprived the protester of a fair opportunity to improve its proposal.
The More Things Change, the More They Stay the Same: GAO’s FY 2019 Protest Statistics
GAO released its Fiscal Year 2019 protest statistics yesterday, and there are both noticeable changes and relative constants:
- Protest filings are down by 16%, which means about 400 fewer protests than FY18. The reason why is anyone’s guess, but it’s likely related in large part to GAO’s new Electronic Protest Docketing System — and associated $350 filing fee. Prior to EPDS, anyone could submit a protest simply by emailing a protest letter to GAO. Now, a protester must file electronically through a formal docketing system — and pay $350 to get on file.
- The number of merits decisions is about the same as FY18. There were only 35 fewer merits decisions in FY19 compared to FY18, lending further support to the theory that the 400 protest-filing decrease is related to EPDS and the filing fee — and that most of those 400 never would have reached a merits decision.
- The sustain rate is about the same as FY18. The sustain rate in FY19 is 13%, compared to 15% in FY18. But more importantly . . .
- The effectiveness rate is exactly the same as FY18. The effectiveness rate in FY19 and FY18 was the same — 44%. The effectiveness rate measures the percentage of all protests filed in which the protester obtains relief “either as a result of voluntary agency corrective action or [GAO] sustaining the protest.”
- The number of hearings significantly increased from FY18. There were only 5 hearings in FY18 (i.e., in 0.51% of cases), compared to 21 hearings in FY19 (i.e., in 2% of cases).
