RISK FACTORS 4 laws of the European Union Member States may result in fines attempting to execute, a scheme to defraud any healthcare and other administrative penalties. The draft Data Protection benefit program or obtain, by means of false or fraudulent Regulation currently going through the adoption process is pretenses, representations or promises, any of the money or expected to introduce new data protection requirements in property owned by, or under the custody or control of, any the European Union and substantial fines for breaches of the healthcare benefit program, regardless of whether the payor is data protection rules. If the draft Data Protection Regulation public or private, knowingly and willfully embezzling or stealing is adopted in its current form it may increase our responsibility from a health care benefit program, wil lful ly obstructing a and liability in relation to personal data that we process and we criminal investigation of a health care offense and knowingly may be required to put in place additional mechanisms ensuring and willfully falsifying, concealing or covering up by any trick or compliance with the new data protection rules. This may be device a material fact or making any materially false statements onerous and adversely affect our business, financial condition, in connection with the delivery of, or payment for, healthcare results of operations and prospects. benefits, items or services relating to healthcare matters; In the United States, our current and future operations are directly, • HIPAA, as amended by the Health Information Technology or indirectly through our prescribers, customers and purchasers, for Economic and Clinical Health Act, or HITECH, and its subject to various U.S. federal and state fraud and abuse laws and implementing regulations, which impose certain requirements regulations, including, without limitation, the federal Health Care relating to the privacy, security and transmission of individually Program Anti-Kickback Statute, the federal civil and criminal False identifiable health information without appropriate Claims Act and Physician Payments Sunshine Act and regulations. authorization on “covered entities,” including healthcare These laws will impact, among other things, our proposed sales, providers, health plans, and healthcare clearinghouses, as well marketing and educational programs. In addition, we may be as their respective “business associates” that create, receive, subject to patient privacy laws by both the U.S. federal government maintain or transmit individually identifiable health information and the U.S. states in which we conduct our business. The laws that for or on behalf of a covered entity; will affect our operations include, but are not limited to: • federal transparency laws, including the federal Physician • the federal Health Care Program Anti-Kickback Statute, Payments Sunshine Act, created under Section 6002 of the which prohibits, among other things, persons or entities from ACA, that require disclosure of payments and other transfers knowingly and willfully soliciting, receiving, offering or paying of value provided to physicians and teaching hospitals, and any remuneration (including any kickback, bribe or rebate), ownership and investment interests held by physicians directly or indirectly, overtly or covertly, in cash or in kind, in and other healthcare providers and their immediate family return for the purchase, recommendation, leasing or furnishing members and applicable group purchasing organizations; and of an item or service reimbursable under a federal healthcare • U.S. state law equivalents of each of the above federal program, such as the Medicare and Medicaid programs. laws, state laws that require drug manufacturers to report This statute has been interpreted to apply to arrangements information related to payments and other transfers of value between pharmaceutical manufacturers on the one hand, and to physicians and other healthcare providers or marketing prescribers, purchasers and formulary managers on the other. expenditures and state laws governing the privacy and security The ACA amends the intent requirement of the federal Anti- of health information in certain circumstances, many of which Kickback Statute. A person or entity no longer needs to have differ from each other in significant ways and may not have the actual knowledge of this statute or specific intent to violate it; same effect, thus complicating compliance efforts in certain • federal civil and criminal false claims laws and civil monetary circumstances, such as specific disease states. penalty laws which prohibit, among other things, individuals or Ensuring that our business arrangements and contracts comply entities from knowingly presenting, or causing to be presented, with applicable healthcare laws and regulations will likely be costly. claims for payment or approval from Medicare, Medicaid or Because of the breadth of these laws and the narrowness of the other government payors that are false or fraudulent. The ACA statutory exceptions and safe harbors available, it is possible that provides and recent government cases against pharmaceutical some of our business activities could be subject to challenge by and medical device manufacturers support the view that governmental authorities under one or more current or future federal Anti-Kickback Statute violations and certain marketing statues, regulations or case law involving applicable fraud and practices, including off-label promotion, may implicate the abuse or other healthcare laws and regulations. If our operations False Claims Act; are found to be in violation of any of the laws described above or • the federal Health Insurance Portability and Accountability Act any other governmental regulations that may apply to us, we may of 1996, or HIPAA, which created additional federal criminal be subject to significant civil, criminal and administrative penalties, statutes that prohibit knowingly and wil lful ly executing, or damages, fines, disgorgement, individual imprisonment, possible 40 – GENSIGHT BIOLOGICS – 2017 Registration Document