Twitter Google +1 Facebook LinkedIn Share this page RSS

Blogs

Drug / Device Law Blog Legal updates, news, and commentary from the attorneys of Baker Sterchi Cowden & Rice LLC

Missouri Supreme Court May Be Signaling a Change in Analysis of Misjoinder of Claims in Multi-Plaintiff Product Liability Cases

October 19, 2017 | Angela Higgins

On October 13, 2017, the Missouri Supreme Court issued a preliminary writ of prohibition directed to Circuit Judge Rex Burlison of the Circuit Court for the City of St. Louis, temporarily staying the talc case, Valerie Swann, et al. v. Johnson & Johnson, et al.  The Supreme Court case number is SC96704.  The plaintiffs, on behalf of the trial court, are to answer the writ petition by November 13, 2017.

Plaintiff Michael Blaes is one of 47 plaintiffs in the case, who contend that they or their decedents developed ovarian cancer following use of talcum powder.  Johnson & Johnson alleges that Blaes’s decedent did not purchase or use talcum powder in the City of St. Louis.  Blaes’s case was set for separate trial from those of the other plaintiffs, but Judge Burlison declined to formally sever his claim such that it could be reassigned and venue assessed.  That decision is the subject of Johnson & Johnson’s petition for a writ of prohibition.

Missouri has long had a troubled history with venue analysis.  As part of tort reform in 2005, the legislature made significant changes to the venue statute, designed to prevent forum shopping.  The recent explosion in “litigation tourism” focused in the City of St. Louis has not been due to any change in, or deficiency of, the venue statute and the joinder rules, but in changes in the application of long-standing principles of venue and joinder.

Refusal to sever unrelated claims is at the core of the problem.  Litigation tourism in St. Louis depends upon a single, anchor plaintiff who is a Missouri resident with a plausible jurisdictional claim and basis to claim venue in the City of St. Louis, with dozens of unrelated, out-of-state plaintiffs clinging to that anchor plaintiff’s case to justify pursuit of claims in Missouri against non-residents.  The claims are misjoined and should be severed, but to date the Missouri Supreme Court has declined to find that a trial court’s refusal to sever misjoined claims warrants reversal on appeal unless the defendant can establish that the severance decision was prejudicial to the outcome (by establishing that the City of St. Louis is a biased venue).  See Barron v. Abbott Labs., Inc., No. SC96151, 2017 Mo. LEXIS 403, at *6 (Sep. 12, 2017).

Severance has not always been this controversial, but reflects a change in the application of Missouri law and procedure in recent years.  Rule 52.06 of the Missouri Rules of Civil Procedure is titled “Misjoinder and nonjoinder of parties,” and provides that “Any claim against a party may be severed and proceeded with separately.”  Misjoinder of claims or parties requires severance of the claims.  See State ex rel. Gulf Oil Corp. v. Weinstein, 379 S.W.2d 172, 174 (Mo. App. St. L. 1964).

Rule 52.05 identifies the only circumstances under which the claims of multiple plaintiffs may be properly joined in a single action:

All persons may join in one action as plaintiffs if they assert any right to relief jointly, severally, or in the alternative in respect of or arising out of the same transaction, occurrence or series of transactions or occurrences and if any question of law or fact common to all of them will arise in the action.

Mo. R. Civ. P. 52.05(a) (emphasis added).  Both tests must be met for plaintiffs to be joined in a single action.  Id.; State ex rel. Allen v. Barker, 581 S.W.2d 818, 826 (Mo. banc 1979).  If those requirements are not met, the claims are misjoined and severance is required.  Even if joinder is permitted, severance is still permissible in the trial court’s discretion, based upon factors related to fairness, economy, and prejudice.  See Wilson v. Bob Wood & Associates, Inc., 633 S.W.2d 738, 743 (Mo. App. W.D. 1981).

Rule 52.05(a) is analogous to Fed. R. Civ. P. 20(a), which provides that parties may be properly joined only where claims by or against them arise out of the same transaction or occurrence or present common questions of law or fact.  In State ex rel. Allen v. Barker, 581 S.W.2d 818, 826 (Mo.1979) the Missouri Supreme Court discussed the adoption of Rule 52.05(a), recognized that it was patterned after the federal rule, and applied federal cases to interpret it.  Id.  The federal rule has been extensively construed, and overwhelmingly find that the claims of multiple plaintiffs are misjoined when the only commonality amongst plaintiffs is that they allege damages resulting from using the same product.  See, e.g., In re Orthopedic Bone Screw Prods. Liab. Litig., MDL No. 1341, 1995 WL 428683, at *5-6 (E.D. Pa. July 15, 1995).  In the bone screw litigation, the only plaintiffs who were allowed to remain joined in a single action were those who underwent surgery by the same doctor or group of doctors, at the same hospital, and who received the same or a similar device by the same manufacturer.  Id. at *5.  There is no reason in the rule why Missouri should be applying joinder principles in a manner so inconsistent with the federal courts.

Recent jurisprudence in the City of St. Louis and in the Eastern District Court of Appeals, in fact, is inconsistent with those courts’ own past precedent on misjoinder and severance.  In Gulf Oil, plaintiffs had purchased fuel oil in unrelated transactions at different times.  Id. at 174.  These transactions did not constitute the “same transaction nor a series of transactions.”  Id. at 175.  Moreover, even though the plaintiffs all sustained fires, these occurred on different dates.  Id.  Accordingly, the plaintiffs’ losses did not constitute the same “occurrence.”  Id. 

The Gulf Oil court was keenly focused upon what is the “transaction” and what is the “occurrence” that is common to the plaintiffs.  Because the issue is joinder of plaintiffs, it is a plaintiff-focused, not defendant-focused analysis.  Recent jurisprudence on the eastern side of the state has shifted that focus to the notion that plaintiffs’ claims can arise out of the same transaction or occurrence when they derive from common conduct of the defendant, which has been expanded to include the design, marketing, and sale of the product.  In reaching these decisions, the early trial court orders rely upon cases analyzing the proper joinder of defendants, which is, of course, a defendant-behavior-focused analysis.  

Taken to the illogical extreme, the approach of focusing upon the defendants’ business practices and product design to establish joinder would allow any purchaser of a product to join with any single Missouri plaintiff and to pursue their claims in Missouri.  It is simply untenable, and seems inevitable that, if the Missouri Supreme Court does not curtail this problem, the U.S. Supreme Court will.  Allowing non-residents to sue non-residents for extraterritorial conduct and injuries is not constitutionally defensible.  Personal jurisdiction limitations “are a consequence of territorial limitations on the power of the respective States.”  Hanson v. Denckla, 357 U.S. 235, 251 (1958); see also World-Wide Volkswagen Corp v. Woodson, 444 U.S. 286, 292 (1980) (minimum contacts requirement serves the dual functions of protecting defendant against the burden of litigation and ensuring states “do not reach out beyond the limits imposed on them by their status as coequal sovereigns in our federal system”).  

There are hopeful signs – the Eastern District Court of Appeals just overturned the first talcum verdict against Johnson & Johnson for lack of personal jurisdiction.  See Estate of Fox v. Johnson & Johnson, No. ED104580, 2017 Mo. App. LEXIS 1043 (Mo. App. E.D. Oct. 17, 2017).  The dust has not yet settled on these issues, however.

Johnson & Johnson’s writ of prohibition takes a subtly different track from the issue argued in Barron.  In its recent writ, Johnson & Johnson does not argue that Judge Burlison erred in denying the original motion to sever based upon misjoinder of the plaintiffs’ claims, but that, when the court ordered separate trial of each of the claims, that the claims of each plaintiff should have been formally severed such that venue (and presumably jurisdiction) would be independently assessed as to each of the severed claims.

Rule 66.02 provides:

The court, in furtherance of convenience or to avoid prejudice, or when separate trials will be conducive to expedition and economy, may order a separate trial of any claim, cross-claim, counterclaim, or third-party claim, or of any separate issue or of any number of claims, cross-claims, counterclaims, third-party claims, or issues.

Rule 52.06 provides that “Any claim against a party may be severed and proceeded with separately.”  Missouri law has been somewhat ambiguous as to the relationship between these rules, including whether “proceed[ing] separately” with a claim is the same as severing it.

The 3-judge concurring opinion in Barron, upon which Johnson & Johnson relies for its writ petition, suggested that, when the trial court determines that a plaintiff’s claims should be separately tried, it has effectively “severed” that plaintiff’s claims from the remaining plaintiff(s).  Alternatively, where the trial court has determined that the claims should not be tried together, it would ordinarily have no basis to deny a subsequent motion to sever.  Because Mo. Rev. Stat. § 508.012 (part of the 2005 tort reform) requires reassessment of venue when a plaintiff is either added to or removed from the petition, and mandates transfer if venue is improper, the trial court’s failure to formally sever a separately-tried claim deprives defendants of the benefit of the statute.

When there has been severance, the normal administrative process would involve the assignment of a new case number to the severed case and, normally, random judicial reassignment.  Severance of claims permits the court to render separate judgments which will be deemed final for purposes of appeal.  Engel Sheet Metal Equipment, Inc. v. Shewman, 301 S.W.2d 856, 859 (Mo. App. St. L. 1957).  The claims, being independent, would be subject to independent venue and jurisdictional analysis, having been unchained from the Missouri anchor plaintiff.

It is interesting that the Supreme Court has issued a preliminary writ in the Blaes matter.  Although an order for separate trials is not generally deemed to be equivalent to an order for severance, that general principle must be considered in the context of the venue statute, which does contemplate a reassessment of venue.  A court may be required to order severance based upon misjoinder, and the Johnson & Johnson argument seems targeted squarely at overcoming the “lack of prejudice” finding in Barron – the prejudice is in the denial of the rights afforded under Mo. Rev. Stat. § 508.012.  Additionally, where the court has discretion to sever based upon judicial economy, fairness, and prejudice, it still appears to be an abuse of discretion to order 47 separate trials but refuse to sever them into independent actions. 

Johnson & Johnson’s writ petition may be the hook to pry loose severance orders in these multi-plaintiff cases.  Ideally, however, the impropriety of joinder would be assessed at an earlier stage of the litigation, before decisions on trial management have been made.  We are hopeful that recent developments in the talc cases indicates a shift away from recent practices in these multi-plaintiff cases.

Is It Necessary for an Expert Opinion to Take Into Account Obvious Alternative Explanations for an Injury? Eighth Circuit Weighs In.

August 7, 2017 | Leigh Ann Massey

In Redd v. DePuy Orthopaedics, Inc., the Eighth Circuit Court of Appeals has reminded litigators of the importance of ensuring expert witnesses perform a thorough review of a matter, including apparent alternative causal explanations, prior to issuing their opinions.

 In 2008, plaintiff Redd underwent a total hip replacement, receiving an implant supplied by hip manufacturer DePuy Orthopaedics, Inc.  At the time of her surgery, Redd suffered from a number of risk factors that placed her at a higher risk for failure of the implant as she took immunosuppressant drugs and was considered morbidly obese.  Four years after her initial surgery, the implanted hip stem fractured.  During the revision surgery to replace the hip stem, the doctors determined that the stem had not properly grown into the bone at the top of Redd’s hip, which was a known possibility given her risk factors.  Two years after her revision, Redd again experienced a hip stem fracture.  Plaintiff brought a federal diversity action against DePuy Orthopaedics, alleging negligence and strict liability claims based on product defect and failure to warn.  DePuy moved for summary judgment and for exclusion of plaintiff’s expert testimony under Federal Rule of Evidence 702 and the analysis set forth in Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579 (1993).

Plaintiff retained a professor of metallurgy and materials science, Dr. Shankar Sastry, to testify as to the cause of the fracture.  In preparing his expert report, Dr. Sastry failed to review records related to the manufacturing process of the hip implant and disregarded consideration of biomechanical factors that could have resulted in failure of the prosthesis.  Dr. Sastry concluded that it was the physical state of the implant’s metal that caused the fracture.  He further concluded that any individual environmental or biomechanical factors would have been a secondary cause of the fracture. 

In granting DePuy’s motion to exclude Dr. Sastry’s testimony, the US District Court for the Eastern District of Missouri concluded that Dr. Sastry lacked a scientific or factual basis to conclude that there was a manufacturing defect or to opine on causation, and that he failed to consider the necessary issues of the forces that were exerted on the implant as it was placed in Redd’s hip.  Following exclusion of Dr. Sastry’s testimony, Redd lacked expert testimony on defect or causation and DePuy’s motion for summary judgment was granted.

On appeal, the Eighth Circuit reviewed the district court’s exclusion of Dr. Sastry’s testimony, the propriety of which is governed by Rule 702 and the Daubert standard.  Plaintiff argued that the district court erred by requiring Dr. Sastry to exclude other potential causes of the fracture.  The Eighth Circuit concluded that, while an expert is not required to rule out all possible causes of an injury, he or she nonetheless should adequately account for obvious alternative explanations.  Dr. Sastry did not consider the obvious alternative explanation for the fracture—failure of the hip stem to grow into the patient’s upper hip bone and subsequent failure to properly distribute her weight—which was a known possibility at the time of Redd’s surgery given her risk factors.  Because Dr. Sastry failed to consider the individual biomechanical forces placed on the prosthesis in issuing his report, the district court’s decision to exclude the causation testimony was affirmed.

The opinion may be found here.

For more on Missouri’s recent adoption of the expert witness standard set forth in Federal Rules of Evidence 702 and Daubert, see The Daubert Standard – Coming Soon to a Missouri Court Near You.

FDA – Postmarket Management of Cybersecurity in Medical Devices

June 5, 2017 | Suzanne Billam

It seems almost impossible in today’s world to escape our dependence on technology. From the minute we wake-up in the morning, we access news reports on our tablets, keep track of our health with fitness trackers, receive and respond to e-mails on our mobile phones, and many of us rely upon interconnected medical devices, such as insulin pumps, to safely navigate through a typical day.  But such convenience is not without risk. 

Medical devices, like all interconnected technology, can be vulnerable to security breaches, which “may compromise the essential clinical performance of a device” and potentially impact patient safety.  The Food and Drug Administration (“FDA”) thoroughly understands this benefit v. risk balance, and has issued a number of recommendations that address comprehensive cybersecurity over the lifecycle of medical device products.  Most recently, on December 27, 2016, the FDA issued its final Guidance on Postmarket Management of Cybersecurity in Medical Devices.  The recommendations apply to medical devices that use software, including programmable logic and software that is regulated as a medical device, including mobile medical apps.  You can link to the full text of the Guidance here.  This final Guidance closely resembles a draft of the document, issued for comment almost a year prior.  For more details on our take of the draft Guidance, see our prior series “FDA Issues Draft Guidance Document for Postmarket Management of Cybersecurity in Medical Devices” posted in four parts here, here, here, and here.  This Postmarket Guidance also follows the FDA’s Guidance on medical device premarket cybersecurity, issued in October 2014, discussed in more detail here.

The final Guidance outlines steps that medical device manufacturers and health care systems should take to monitor, identify, understand and address cybersecurity risks once medical devices and mobile medical devices have entered the marketplace.  Yet, don’t allow the “guidance” nature of the document fool you into believing its recommendations are optional, as the FDA takes the position that manufacturers are required to ensure the safety and efficacy of their medical devices, and should they choose not to follow this guidance, the device vendor must have in place another similar cybersecurity strategy in order to avoid regulatory scrutiny.

From this Guidance emerges two predominant concepts: 1) the Guidance, like its predecessor draft and the 2014 Premarket Guidance, follows a risk-based approach, i.e., guiding manufacturers to identify, assess, and mitigate risks that emerge after the device has been introduced to market; and 2) medical device cybersecurity and cybersecurity risk management must be proactively addressed throughout the entire lifestyle of a product, and is a shared responsibility among stakeholders including health care facilities, patients, providers, and manufacturers of medical devices.”[1]  In other words, cybersecurity controls should be incorporated into the design, development and manufacture of a device.  But after marketing and during patient use, the device should be continuously monitored, and cybersecurity concerns addressed.

As Suzanne B. Schwartz, the FDA’s associate director for science and strategic partnerships, stated in a blog post concurrent with the issuance of the Guidance itself, “[w]ith this guidance, we now have an outline of steps the FDA recommends manufacturers take to remain vigilant and continually address the cybersecurity risks of marketed medical devices.”[2]  “This approach enables manufacturers to focus on continuous quality improvement, which is essential to ensuring the safety and effectiveness of medical devices at all stages in the device’s lifecycle.”[3]  Essential to the FDA’s recommendations is the belief that device manufacturers implement comprehensive cybersecurity risk management programs and documentation which emphasizes “addressing vulnerabilities which may permit the unauthorized access, modification, misuse or denial of use, or the unauthorized use of information that is stored, accessed, or transferred from a medical device to an external recipient, and may result in patient harm. Manufacturers should respond in a timely fashion to address identified vulnerabilities.”[4]

Critical components of such a program include:

  • Monitoring cybersecurity information sources for identification and detection of cybersecurity vulnerabilities and risk;
  • Maintaining robust software lifecycle processes that include mechanisms for: 
    • monitoring third party software components for new vulnerabilities throughout the device’s total product lifecycle;
    • design verification and validation for software updates and patches that are used to remediate vulnerabilities, including those related to Off-the-shelf software;
  • Understanding, assessing and detecting presence and impact of a vulnerability;
  • Establishing and communicating processes for vulnerability intake and handling
  • Note: The FDA has recognized ISO/IEC 30111:2013: Information Technology – Security Techniques – Vulnerability Handling Processes;
  • Using threat modeling to clearly define how to maintain safety and essential performance of a device by developing mitigations that protect, respond and recover from the cybersecurity risk;
  • Adopting a coordinated vulnerability disclosure policy and practice. The FDA has recognized ISO/IEC 29147:2014: Information Technology – Security Techniques – Vulnerability Disclosure which may be a useful resource for manufacturers; and
  • Deploying mitigations that address cybersecurity risk early and prior to exploitation.[5]

It is further recommended that the program incorporate elements consistent with the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity (i.e., Identify, Protect, Detect, Respond, and Recover).  For more details on these concepts, please see our previous discussion, which can be found here.

Perhaps more important than the shared responsibility of risk mitigation in cybersecurity among all stakeholders, is the concept that, in the FDA’s view, cybersecurity risk management should revolve around assessing therisk to the device’s essential clinical performance, which focuses on assessing the risk of patient harm.[6]  As the Guidance explains, “[a] key purpose of conducting the cyber-vulnerability risk assessment is to evaluate whether the risk of patient harm is controlled (acceptable) or uncontrolled (unacceptable). One method of assessing the acceptability of risk involves using a matrix with combinations of “exploitability” and “severity of patient harm” to determine whether the risk of patient harm is controlled or uncontrolled.”[7]  This focus is achieved by considering:

(1)   The exploitability of the cybersecurity vulnerability, and

(2)   The severity of patient harm if the vulnerability were to be exploited.[8]

Such risk is to be assessed according to these two considerations on a sliding scale, which ranges from a controlled risk (low probability of a cybersecurity exploit with little impact on patient health) to an uncontrolled risk (high probability of an exploited vulnerability that seriously threatens patient safety or even patient death).  While in some cases the evaluation will yield a definite determination of controlled or uncontrolled, the possibility remains that not all situations will produce such distinct results.[9]

The Guidance provides that manufacturers should have processes for assessing the exploitability of a cybersecurity vulnerability as well as the severity of patient harm, if the cybersecurity vulnerability were to be exploited. The FDA suggests using a cybersecurity vulnerability assessment tool or similar scoring system for rating vulnerabilities and determining the need for and urgency of the response, such as the “Common Vulnerability Scoring System,” Version 3.0.[10]  Many adequate methodologies may be utilized to analyze the potential severity of patient harm, yet the Guidance highlights an approach based on qualitative severity levels as described in ANSI/AAMI/ISO 14971: 2007/(R)2010: Medical Devices – Application of Risk Management to Medical Devices.[11]  These levels range from Negligible (inconvenience or temporary discomfort) to Catastrophic (resulting in patient death).

The figure below shows the relationship between exploitability and severity of patient harm, and can be used to categorize the risk of patient harm as controlled or uncontrolled.[12]

 

While the FDA clearly distinguishes between a controlled risk and uncontrolled risk, even its illustrative chart above shows a large gray area of in-between, further acknowledging that it will not always be clear in which category the risk belongs.

The FDA Guidance then sets forth recommended proper responses to controlled and uncontrolled risks.  Controlled risk scenarios involve relatively minor issues, where there is sufficiently low (acceptable) risk of patient harm.  However, manufacturers are still encouraged to proactively promote good cyber hygiene and reduce cybersecurity risks even when residual risk is acceptable.[13]  Uncontrolled risks, on the other hand, require immediate intervention and remediation, and must be reported under 21 CFR part 806, unless:           

(1)   There are no known serious adverse events or deaths associated with the vulnerability;

(2)   The manufacturer communicates with its customers and user community regarding the vulnerability, identifies interim compensating controls, and develops a remediation plan to bring the risk to an acceptable level, as soon as possible, but no later than 30 days after learning of the vulnerability;

(3)   The manufacturer fixes the vulnerability, validates the change, and distributes the deployable fix to its customers and user community within 60 days; and,

(4)   The manufacturer actively participates as a member of an Information Sharing Analysis Organization or “ISAO.”[14]

Like its draft before it, the final Guidance additionally contains an essential practical element in its Appendix: “Elements of an Effective Postmarket Cybersecurity Program.”  The Appendix encompasses the totality of the FDA’s recommendations, in an easy to follow five-prong framework, consistent with the elements of the NIST Framework for Improving Critical Infrastructure Cybersecurity.  These prongs are: A) Identify, B) Protect/Detect, C) Protect/Respond/Recover, and D) Risk Mitigation of Safety and Essential Performance.[15]

All medical devices come with both risks and benefits.  While it may not always be clear whether a particular risk is categorized as controlled or uncontrolled, the FDA has been explicitly clear in both its Premarket and Postmarket Guidances that comprehensive cybersecurity and risk analysis must be addressed over the lifecycle of medical device products, keeping a primary focus on the risk of patient harm.



[1] Guidance, at 12.

[2] https://blogs.fda.gov/fdavoice/index.php/2016/12/managing-medical-device-cybersecurity-in-the-postmarket-at-the-crossroads-of-cyber-safety-and-advancing-technology/

[3] Id.

[4] Guidance, at 13.

[5] Guidance, at 13-14.

[6] Guidance, at 15 (emphasis in original).

[7] Guidance, at 17.

[8] Guidance, at 15.

[9] Guidance, at 17.

[10] For more details, see “Common Vulnerability Scoring System,” Version 3.0: Specification Document (https://www.first.org/cvss/specification-document).

[11] Guidance, at 17.

[12] Guidance, at 18.

[13] Guidance, at 19.

[14] Guidance, at 22-23.

[15] Guidance, at 27-30.

Subscribe
About Drug / Device Law Blog

The BSCR Drug / Device Law Blog examines topics and legal developments of interest to the drug and device industry. Learn more about the editor, Angela Higgins, and our Drug and Device practice.

DISCLAIMER

The Drug / Device Law Blog is made available by Baker Sterchi Cowden & Rice LLC for educational purposes only as well as to give you general information and a general understanding of the law, not to provide specific legal advice. Your use of this blog site alone creates no attorney client relationship between you and the firm.

CONFIDENTIAL INFORMATION

Do not include confidential information in comments or other feedback or messages related to the Drug / Device Law Blog, as these are neither confidential nor secure methods of communicating with attorneys. The Drug / Device Law Blog should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.