Best Practices in Product Liability Risk Management
A Veteran Describes the Top Six Ways to Safeguard Your Business
To understand the ever-increasing demand for cutting-edge medical devices, all one has to do is listen to the creaking knees of baby boomers. This is a huge population of people hitting their 50s and 60s who want to maintain their active daily routines as long as possible. They want to remain youthful, continue to run faster and be able to swing the golf club well into retirement.
To meet these demands, medical device firms constantly seek new ways to grow. In the process, though, many are catching flak. Personal injury attorneys accuse some companies of developing devices that seem like gimmicks at best—and health threats at worst—as they try to reignite their once high-flying stocks. These lawyers now network on Internet forums and at legal conferences built around “how to” workshops on suing specific manufacturers.
Legal magazines such as Trial have articles on various niches of product liability litigation, overcoming legal defenses asserted by device companies and back-of-magazine ads featuring experts for hire in a wide range of testimony. Any adverse patient outcome becomes rife with possibilities for a claim or lawsuit. When the proverbial shooting starts, the device company likely will get caught in the crossfire.
Just as there are highly effective people, there are highly effective medical device companies that model best practices in managing product liability risk. Some firms have built sound risk management systems—ways to reduce financial risk or cushion the blow of legal liability, claims and trials. In 20-plus years of working with medical device manufacturers, I have learned that world-class companies possess certain recurring habits, practices and qualities. Let us explore best practices in medical device risk management.
Best Practice #1:
Learn From Settled and Closed Claims
In departmentalized, compartmentalized companies, manufacturing and quality assurance may not talk to each other much or, at best, communicate infrequently. To counteract this, medical device companies should conduct claim “autopsies.” When patients die of unknown causes, doctors perform autopsies. When patients’ deaths are unexpected, hospitals hold “M&M”—Morbidity and Mortality—conferences.And after an engagement, military personnel often conduct “after action” assessments to discuss what went right and what went wrong. Engineers call this “root cause analysis.” Product liability deserves the same post-mortem from a risk management standpoint.
Common root causes of product defects, problems and complaints include:
• Placing budget/financial considerations ahead of quality (overlooking the “hidden” costs of poor quality)
• Putting schedule considerations over quality (“We don’t have time to do it right, but do it anyway …”)
• Elevating “political” considerations over quality (internal politics and external marketing)
The goal is to learn. As philosopher George Santayana said, “Those who ignore the past are condemned to repeat it.” Maybe it is human nature to invest in risk management only after a devastating event, despite the warnings that losses are “when, not if.” Implementation of risk management is the answer. Train everyone to incorporate risk assessment and mitigation into every decision he or she makes.
Best Practice #2:
See FDA Compliance as the Start of Risk Management—Not as Its Pinnacle
Compliance with FDA guidelines is a necessary but insufficient condition for sound risk management. Companies that outsource manufacturing or other parts of the device development cycle must have strong compliance programs to protect against fines, jail time and lawsuits. Just following FDA regulations, though, will not insulate firms from product liability. There is still a legal duty to exceed those requirements to make safe products—products that are free of design defects, manufacturing defects and defective warnings.
Companies that outsource must ensure that they safeguard patient safety, that marketing claims are accurate, that promotions do not illegally reward doctors and that they produce products under good manufacturing practices. With the exception of federal preemption for certain Class III devices—a doctrine under attack by plaintiff attorneys—the defense, “We met all FDA standards” is no free pass in combating medical device lawsuits.
The FDA faces public skepticism after revelations about drug and device hazards. Some lawmakers believe the FDA has become too industry friendly. In addition, the public hears a drumbeat of publicity about FDA failings. Thus, it is hard to “sell” to juries the defense that your product is good because it was blessed by the FDA. Device firms must meet FDA standards such as Good Manufacturing Practices to cement a risk management program, but they also must exceed them.
While FDA compliance will not shield companies from liability, breaching FDA standards may be used against them—it may not be fair, but it is reality. If there is a recall, an FDA “483” warning letter or hundreds of medical device reporting incidents, these can and will be used against the device firm to support a claim of defect. This is not to downplay the importance of regulatory compliance—to the contrary. Mere FDA compliance, however, is a part of sound risk management for device firms. It is a starting point, not the ending stage.
Do not let compliance delude you into thinking that this makes you bulletproof from liability claims or that it will get a claim dismissed. Highly effective risk management programs invest in strong regulatory compliance, but they do not make that the sole foundation of the risk management program.
Best Practice #3:
Do Not Confuse Risk Management With Buying Insurance
Insurance is part of risk management. However, it is just the start of risk management, not the end all and be all. Good risk management goes beyond buying insurance. Some organizations try to delegate risk management with a premium payment, thinking that a risk is “handled” simply because it is insured. This is shortsighted; it overlooks many other costs and considerations. While the purpose of insurance is to return a company to its pre-loss condition, it always fails to do this.
There is little or no recovery for lost business opportunities, management time, reputation, customers, employee morale, etc. flowing from product liability losses. In fact, such uninsured losses may exceed any insurance recovery. Unfortunately, insurance sometimes can act like a barbiturate that lulls device companies into a false sense of security. Look at a business that knowingly retains some degree of risk and, often, you will see superior risk management programs in place. Those superior programs also translate into business advantages such as higher-quality products and improved worker productivity, all leading to higher profits. This is why organizations should retain as much risk as they can, using insurance only as necessary to protect against truly catastrophic loss.
Best Practice #4:
Sidestep Risk Management Myths
Alligators swim in New York City sewers. NASA faked the moon landing in a Hollywood studio. An alien gave birth to Elvis’ love child. Urban myths are fodder for tabloid fantasy, and risk management has its own lore and myth, too. One such myth is that the past is prologue when it comes to loss activity. This attitude is reflected in statements such as, “I’ve never had an accident before”; “I’ve never had a claim before”; or “All our past claims were small.”
It is tempting for device firms to use past loss patterns to predict future claims. That is a starting point. It may or may not be a reliable indicator, though, of the odds of future losses or their severity. Maybe you have had a run of good fortune. Perhaps the legal environment has changed due to new laws or court decisions. The past is not necessarily prologue when it comes to future loss patterns, the need for insurance or the amount of financial protection that is prudent.
A second myth is that outsourcing solves all risk management problems. Some device firms think that outsourcing relieves them of legal liability or the need for financial protection. This can be a costly risk management error. Courts and juries still can find OEMs liable for a contract manufacturer’s failings.
One example is when a “general contractor” didn’t exercise reasonable care in picking the “sub.” Certain obligations to make a quality product may be non-delegable. You can’t outsource the duty to make a safe product.
Another case might be if the contract manufacturer has no or low insurance limits. Outsourcing manufacturing is no panacea. Here are four tips to help protect your firm:
• Choose contract manufacturers with care
• Make sure they carry adequate insurance limits
• Have them list you as an additional named insured on their insurance policy
• Keep your own insurance coverage, even on products you outsource, just in case
This leads to the next best practice.
Best Practice #5:
Deftly Manage Contract Liability
Best practice medical device firms—whether outsourcers or OEMs—track contracts that shift liability toward them as well as contracts that shift liability away from them. They have legal counsel closely review all contracts that the company enters into as a measure of ensuring that the company’s interests are protected. They resist contracts that would shift liability or financial responsibility for no good reason. If they assume liability by contract, they check with their insurance carrier to verify that the policy will cover such obligations. If they shift liability or financial responsibility to another firm, they make sure that the latter either has ample financial assets or insurance coverage that will activate in the event of a product mishap. In broad-brush strokes, these are the best practices in managing a medical device firm’s contract liability.
Courts may invalidate liability-shifting contracts on any number of grounds. They may hold that such contracts violate public policy—that no one should be able to negotiate away its legal duty to make safe products. They may hold that the agreement was unconscionable due to a huge disparity in bargaining power between the two parties. A court may hold that certain terms and provisions of the contract are ambiguous and interpret the ambiguity against the company that drafted the contract.
For various reasons, courts may negate the intended force and effect of liability-shifting contracts between contract manufacturers and OEMs. This is not to suggest that such companies forgo entering into contracts, only that they blend this with insurance, quality manufacturing practices and a full risk management program. Best practice firms understand that exonerating contracts have a role in their business but do not constitute the cornerstone of a risk management program to address product liability.
Best Practice #6:
Manage the Sales and Marketing Process
Sales and marketing heavily impact risk management. A hot area of litigation by plaintiffs’ attorneys is marketing practices. Several major device companies got subpoenas from the Justice Department about “consulting and service” contracts with surgeons. A former employee of one giant spinal implant company sued the firm under the Federal False Claims Act, alleging his former employer paid improper financial incentives to doctors to use their products. These cases are being written up in monthly magazines published by the personal injury bar.
A recent suit against a manufacturer of continuous passive motion devices alleged the company gave doctors trips, cruises, money through “directorship” agreements, jewelry for wives and—for one doctor—a leased Jaguar. In another case, a large device firm allegedly zeroed in on surgeons while they were still in training, and paid doctors to attend any of 200 professional meetings a year. If the doctors wanted to golf or go snorkeling, the complainant alleged, the device firm paid for the outings. (When doctors visited Memphis, company employees took them to the “Platinum Plus” strip club and then wrote off the expense as an evening at the ballet.)
The moral here is not to treat doctors as persona non grata or to avoid relationships with physicians. Indeed, positive relationships with doctors are key to successful device development. Instead, the point is for device companies to be aware of anti-kickback laws and beware of financial ties to physicians. Promote your products and collaborate with doctors in ways that are grounded in medical innovation and education, not in a doctor’s financial gain from “pushing” a particular device. Have these overseen by a designated compliance officer in a big company or a trained/informed person in a smaller company.
* * *
Embrace these six best practices and convert them into effective “corporate immune systems” to stave off expensive product liability claims and lawsuits.