We’ve seen stories lately that an increasing trend towards online sales of prescription drugs could become as much of a threat to retail drugstores as online shopping generally has become to department stores. For non-prescription drugs, that future is already here – just Google “OTC Drugs Online” and check out the results. Or
As our loyal readers know, the Reed Smith side of the blog has been very interested in 3D printing, and particularly in its product liability implications. We recently shared with you the most comprehensive law review article to date on this subject (here) – authored by Bexis and Reed Smith associate (and sometimes guest…
This post is from the Reed Smith side of the blog only.
For well over a year, now Reed Smith has been engaged in an “initiative” concerning the innovative technology, “3D printing,” also known as “additive manufacturing.” We’ve tried to stay on the forefront of the legal implications of 3D printing, particularly the product liability…
The FDA released its final Guidance on Postmarket Management of Cybersecurity in Medical Devices during the week between Christmas and New Year. You can link to a full copy here, and we gave you our detailed take on the draft Guidance here. You can also click here to see what our data privacy and security colleagues wrote about the final Guidance on Reed Smith’s Technology Law Dispatch, as they beat us to the presses.
The final Guidance resembles the draft, with a few refinements. We see two guiding principles in the final Guidance. First, the final Guidance continues to follow a risk-based approach. As we observed before, the FDA could not have taken a different tack. Medical devices always present both benefits and risks, and the goal of regulators when it comes to cybersecurity is to assess and mitigate risks without overly compromising a device’s benefits. Second, the FDA recognizes that managing medical device cybersecurity takes a village. Or, in the Agency’s words, “FDA recognizes that medical device cybersecurity is a shared responsibility among stakeholders including health care facilities, patients, providers, and manufacturers of medical devices.” Guidance, at 12.
The final Guidance therefore recommends the implementation of cybersecurity risk management programs. Such programs would include monitoring reported adverse events under current regulations. The FDA also recommends incorporating elements consistent with the National Institute for Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity. Guidance, at 14. We commented in our prior post that the FDA was combining familiar medical device elements with others borrowed from the cybersecurity world. The citation to NIST’s Framework is a perfect example of the wedding between those two worlds.
More specifically, a cybersecurity risk management program would include:
- Monitoring cybersecurity information sources for identification and detection of cybersecurity vulnerabilities and risk;
- Maintaining robust software lifecycle processes;
- Understanding, assessing and detecting presence and impact of a vulnerability;
- Establishing and communicating processes for vulnerability intake and handling;
- Using threat modeling to define clearly how to maintain safety and essential performance of a device by developing mitigations that protect, respond and recover from the cybersecurity risk;
- Adopting a coordinated vulnerability disclosure policy and practice; and
- Deploying mitigations that address cybersecurity risk early and prior to exploitation.
Bexis recently attended the “Emerging Issues in Mass-Tort MDLs Conference” sponsored by Duke Law School (those of us from Philly remember Duke as part of “Black Saturday” back in 1979). Several panels discussed various issues relating to MDLs including using early, issue-specific fact sheets, which Bexis advocated be considered amended pleadings subject to…
If you represented a large corporation or a wealthy individual, wouldn’t you want to know if your prospective jurors were campaigning for Bernie Sanders on Facebook? Or how about criminal prosecutors who might want to know if members of their jury panel had posted strong feelings on police conduct? If you were adverse to a drug or medical device company, maybe you would want to know if a prospective juror wrote for the Drug and Device Law Blog (although we can guarantee that you will find no more thoughtful and impartial jurors than the seven individuals who make up the collective “we”).
Millions of potential jurors make information like this (and much more) publicly available on the Internet through social media or otherwise, and what trial advocate would not want to uncover it? We got to thinking about this topic a few months ago when we read a unique order that came out of the Northern District of California in Oracle America, Inc. v. Google Inc., ___ F. Supp.3d ___, 2016 WL 1252794 (N.D. Cal. Mar. 25, 2016). The district judge in Oracle v. Google asked the parties in a high-stakes copyright action to abstain voluntarily from searching the jury panel’s social media. If the parties would not agree to a complete ban, then the court would impose specific limitations.
We’ll get to the details in a minute. But first, we set out to see if there are any rules that govern searching jurors’ social media (with research assistance from Reed Smith attorney David Chang). It turns out there are, mainly within the rules of ethics and professional conduct. The first rules obviously are our duties of competence and diligence. They are among the first duties listed under the ABA’s Model Rules and probably the rules governing lawyers in most every state. See Model Rules of Professional Conduct, Rules 1.1, 1.3. If there is publicly available information that would help us identify jurors with potential biases, a competent and diligent trial advocate needs to consider gaining access to it.
There are, however, countervailing considerations. On April 14, 2014, the ABA’s Standing Committee on Ethics and Professional Responsibility published “Formal Opinion 466, Lawyer Reviewing Jurors’ Internet Presence.” The ABA committee’s opinion came on the heels of an opinion from the Association of the Bar of the City of New York—“Formal Opinion 2012-2, Jury Research and Social Media.” These are not the only publications on the topic, but they were at the cutting edge, and they cover the major considerations.
This is one of those stories you simply cannot make up.
We were using technology to get some ideas about technology. That is, we were surfing around the internet to find descriptions of the successful use of technology in litigation. Our eyes grew weary as we scrolled from screen to screen. There was a lot of same-old-same-old. Then we found an article in the Legal Times from 2005 entitled, “Jurors, Watch the Screen.” You can see the article here. Even as far back as 2005 it was becoming clear that one could use snazzy technology without suffering from the Goliath effect – the perception that your client must have deep pockets. After all, both sides at trials and depositions were using PowerPoints, videos, and arresting graphics. Jurors had come to understand that anyone with a laptop could put on a multi-media show. (Lawyers used to talk about a trial-in-a-box. But by 2005, we went up against a plaintiff lawyer who had a trial-in-a-laptop. He was smooth. He was impressive. He lost.)