U.S. Sen. Marco Rubio, R-Fla., and U.S. Sen. Chuck Grassley, R-Iowa, the chairman of the U.S. Senate Finance Committee, wrote U.S. Health and Human Services (HHS) Sec. Alex Azar and Centers for Medicare and Medicaid Services (CMS) Administrator Seema Verma this week, seeking an update on the status of a congressionally mandated report which requires CMS to detail the circumstances in which CMS may be funding entities that process Americans’ genome or exome data in China or Russia. Last Congress, Rubio secured a measure to prevent Americans’ DNA from going to Chinese and Russian labs for analysis in the FY19 appropriations package.
Earlier this year, Rubio and Grassley urged the HHS Acting Inspector General to examine potential payments made to U.S. entities with partnerships to genomics companies affiliated with the Chinese government, including WuXi and BGI. Both WuXi and BGI have publicly touted their partnerships with the Chinese telecom company Huawei, a state-directed actor used by the Chinese government and Communist Party to undermine U.S. companies and steal intellectual property and trade secrets. The FBI has identified national security risks related to sharing genomic data, and recognizes China as a country that is a primary source of those risks.
The text of the letter is below:
Dear Secretary Azar and Administrator Verma:
We write in regards to the Centers for Medicare and Medicaid Services’ (CMS) failure to comply with a congressionally mandated report which requires CMS to detail the circumstances in which CMS may be funding entities that process Americans’ genome or exome data in China or Russia.
Specifically, the Joint Explanatory Statement (“Statement”) accompanying legislation appropriating funding for the Department of Health and Human Services for Fiscal Year 2019 (P.L. 115-245) states, “Each department and agency funded in this Act shall follow the directions set forth in this Act and the accompanying statement, and shall not reallocate resources or reorganize activities except as provided herein.” The same Statement directed the Secretary of Health and Human Services to issue a report within 90 days of the bill’s enactment detailing instances in which CMS may have provided funding to entities that process Americans’ genome or exome data in China or Russia. This congressionally-mandated report also directed the Secretary to coordinate with other relevant agencies to examine the potential effect of allowing beneficiaries’ genome or exome data to be processed in China or Russia on U.S. national security, U.S. intellectual property protections, HIPAA privacy protections, future biomedical development capabilities and competitiveness, and global competitiveness for U.S. laboratories.
More than a year has passed since this appropriations bill was enacted. Yet, CMS has failed to submit the report.
As you may know, the Federal Bureau of Investigation (FBI) Weapons of Mass Destruction Directorate has identified national security risks related to sharing genomic data, and recognizes China as a country that is a primary source of those risks. The FBI also identified the Shenzhen BGI Technology Company (BGI) and WuXi Nextcode Genomics (WuXi) as companies that have ties to the Chinese Government.
As we previously noted to the Inspector General, we are concerned that CMS may be providing payments for genetic testing or analysis to U.S. entities that have domestic partnerships with WuXi, BGI, and other genomics companies with ties to the Chinese government. In 2016, WuXi was the first genetic sequencing facility in China to gain CLIA (Clinical Laboratory Improvement Amendments) certification from CMS. It has since gained a foothold in the U.S. Similarly, BGI has publicly announced partnerships with leading American health care systems, including those that accept Medicare and Medicaid patients. In 2013, BGI acquired Complete Genomics, a U.S. company which later became part of MGI Tech (MGI), a BGI subsidiary. In March 2019, MGI announced plans to expand into the U.S. market by the end of 2019, making it all the more necessary to determine whether CMS payments are negatively impacting the interests of the United States.
Both BGI and WuXi also have publicly touted their partnerships with Huawei to expand genomic analytics. As you know, Huawei is a State-directed Chinese telecommunications company that, according to the heads of six U.S. intelligence agencies including the CIA, FBI, NSA, and the Director of National Intelligence, possesses the capabilities to “maliciously modify or steal information” and “to conduct undetected espionage.” This is the same company that the U.S. recently charged with conspiring to defraud our nation and stealing trade secrets, among other crimes. WuXi and BGI’s U.S.-based partnerships give them unique access to genomic data, including Americans’ genomic data. Therefore, it is particularly alarming that these two companies have partnered with Huawei.
As of March 2019, the Congressional Budget Office estimates that the federal government’s gross spending on Medicare in 2018 was $712 billion, while federal Medicaid expenditures were $389 billion, not including the states’ Medicaid spending. Together, these two programs totaled more than $1.1 trillion in federal outlays in 2018. Taxpayers cover the costs of CMS payments and have every right to know if their money has gone to entities connected to the Chinese or Russian governments.
Accordingly, we request that you provide an update on the status of this report by November 14, 2019. In addition, we request that you expand the scope of this report to include payments for genome or exome analysis to domestic Medicare and Medicaid providers that have partnerships with Chinese genomics companies, including but not limited to BGI and WuXi.
Along with the update on the status of the report, please provide responses to the following questions no later than November 14, 2019:
Does CMS require providers to notify CMS of all labs it contracts with for services covered by Medicare or Medicaid? If not, why not?
Does CMS require providers to notify CMS if beneficiaries’ genetic information is sent or stored outside of the United States? If not, why not?
As a condition of obtaining or retaining CLIA certification, does CMS require labs to notify CMS of all partnerships it maintains to perform services covered by Medicare or Medicaid? If not, why not?