Medtronic 2012 Annual Report Download - page 31

Download and view the complete annual report

Please find page 31 of the 2012 Medtronic annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 152

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152

officers, employees, or us. The U.S. FDA may also recommend prosecution to the DOJ. Conduct giving rise
to civil or criminal penalties may also form the basis for private civil litigation by third-party payers or other
persons allegedly harmed by our conduct.
The U.S. FDA, in cooperation with U.S. Customs and Border Protection (CBP), administers controls
over the import of medical devices into the U.S. The CBP imposes its own regulatory requirements on the
import of our products, including inspection and possible sanctions for noncompliance. Medtronic is also
subject to foreign trade controls administered by several U.S. government agencies, including the Bureau of
Industry and Security within the Commerce Department and the Office of Foreign Assets Control within
the Treasury Department.
The U.S. FDA also administers certain controls over the export of medical devices from the U.S.
International sales of our medical devices that have not received U.S. FDA approval are subject to U.S. FDA
export requirements. Many countries outside the U.S. to which we export medical devices also subject such
medical devices to their own regulatory requirements. Frequently, we obtain regulatory approval for medical
devices in countries outside the U.S. first because their regulatory approval is faster than that of the
U.S. FDA. However, as a general matter, non-U.S. regulatory requirements are becoming increasingly
common and more stringent.
In the EU, a single regulatory approval process exists, and conformity with the legal requirements is
represented by the CE Mark. To obtain a CE Mark, defined products must meet minimum standards of
performance, safety, and quality (i.e., the essential requirements), and then, according to their classification,
comply with one or more of a selection of conformity assessment routes. A notified body assesses the quality
management systems of the manufacturer and the product conformity to the essential and other
requirements within the medical device directive. Medtronic is subject to inspection by notified bodies for
compliance. The competent authorities of the EU countries, generally in the form of their ministries or
departments of health, oversee the clinical research for medical devices and are responsible for market
surveillance of products once they are placed on the market. We are required to report device failures and
injuries potentially related to product use to these authorities in a timely manner. Various penalties exist for
non-compliance with the laws transcribing the medical device directives.
To be sold in Japan, most medical devices must undergo thorough safety examinations and demonstrate
medical efficacy before they are granted approval, or “shonin. The Japanese government, through the
Ministry of Health, Labour, and Welfare (MHLW), regulates medical devices under the Pharmaceutical
Affairs Law (PAL). Oversight for medical devices is conducted with participation by the Pharmaceutical and
Medical Devices Agency (PMDA), a quasi-government organization performing many of the review
functions for MHLW. Penalties for a company’s noncompliance with PAL could be severe, including
revocation or suspension of a company’s business license and criminal sanctions. MHLW and PMDA also
assess the quality management systems of the manufacturer and the product conformity to the requirements
of the PAL. Medtronic is subject to inspection for compliance by these agencies.
The process of obtaining approval to distribute medical products is costly and time-consuming in
virtually all of the major markets where we sell medical devices. We cannot assure that any new medical
devices we develop will be approved in a timely or cost-effective manner or approved at all.
Federal and state laws protect the confidentiality of certain patient health information, including patient
medical records, and restrict the use and disclosure of patient health information by health care providers.
In particular, in April 2003, the U.S. Department of Health and Human Services (HHS) published patient
privacy rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and, in
April 2005, published security rules for protected health information. The HIPAA privacy and security rules
govern the use, disclosure, and security of protected health information by “Covered Entities, which are
health care providers that submit electronic claims, health plans, and health care clearinghouses. In 2009,
Congress passed the HITECH Act, which modified certain provisions of the HIPAA privacy and security
rules for Covered Entities and their Business Associates (which is anyone that performs a service on behalf
of a Covered Entity involving the use or disclosure of protected health information and is not a member of
the Covered Entity’s workforce). These included directing HHS to publish more specific security standards,
and increasing breach notification requirements, as well as tightening certain aspects of the privacy rules.
HHS has proposed, but not finalized, these new rules. In addition, the HITECH Act provided that Business
Associates will now be subject to the same security requirements as Covered Entities, and that with regard
14