Last year, the European Medicines Agency banned about 700 medicines across Europe after an investigation revealed data tampering in some trials of generic drugs in India. The questionable trials were conducted by “contract research organizations” or CROs in India on behalf of major international durgmakers located in other countries around the world.

International medical experts said that volunteers undergoing back-to-back clinical trials endangers the health of patients participating. It can also compromise clinical data gathered through these trials, on the basis of which drugmakers seek approval to sell generic medicines around the world.

“The time gap between participation in two different trials should be 90 days minimum,” said Stephanie Croft, a lead inspector at the WHO. “When [data] is incomplete or incorrect it could pose a serious risk to patients.”

Yet, some of the “volunteers” in India who participate in drug studies for international drugmakers who use Indian CROs are “addicted” to the money and find ways to violate the rules and do not wait the required 90 days between participating in clinical drug trials.

Half of more than a dozen volunteers interviewed by Reuters across four cities – Chennai, Hyderabad, Bengaluru, and New Delhi – said they waited much less than 90 days between trials. In the past three-to-four years, they said they spent several months at a time in different cities so that they could participate in as many studies as possible.

One volunteer, Vasudeva Prakash, a former mechanic, said he was never asked by CROs, and their ‘agents’ who approached him for studies, about whether he had recently taken part in another trial.

“Everybody does it. Once you start getting the money, it’s very hard to quit. It’s like an addiction,” said Prakash.

He said after the first study, he began to regularly receive messages on his phone and Facebook, often from agents working on behalf of CROs, informing him about ongoing clinical trials where volunteers were required. Such messages included three key things: the city where the trial was being conducted, the total pay offered, and the “blood loss”, or the amount of blood the volunteer will need to provide.

Prakash provided Reuters with documentation proving he underwent trials with short gaps at Apotex Research Pvt Ltd, owned by Canadian drugmaker Apotex Inc; Lotus Labs, owned by U.S. generics giant Actavis; Ethics Bio Lab, owned since last year by U.S. drugmaker Par Pharmaceutical Inc; and India’s Semler Research Center Pvt Ltd, among others.

In addition to the questionable status of volunteers, several CROs have been accused of outright data tampering. For example, CRO, Quest Life Sciences, was found last year to have manipulated clinical data on certain trials, according to inspection reports from the WHO and the UK’s medicines authority.

Several large international drugmakers, including Teva Pharmaceutical Industries Ltd and Mylan NV, rely on CROs in India to carry out tests on cheaper versions of branded drugs. The aim of these so-called “bioequivalence” studies is to gauge whether non-branded drugs are equally safe and effective. The faster the trials are undertaken, the faster the drugs can come to market.

In the wake of trial data manipulation scandals at CROs in the past three years, many large drugmakers including Swiss firm Novartis, have been shifting more critical trials back to the United States and Europe, according to consultants and industry executives.

International and local regulators have struggled to keep its oversight in line with the growth of an industry that expanded rapidly in the 2000s, as drugmakers shipped clinical trial work to India to save money. The market is estimated to have crossed $1 billion in 2016, according to consultants Frost and Sullivan.

The Food and Drug Administration released its recommendations for how medical device manufacturers should maintain the security of internet-connected devices, even after they’ve entered hospitals, patient homes, or patient bodies.

First issued in draft form last January, this guidance is more than a year in the making. The 30-page document encourages manufacturers to monitor their medical devices and associated software for bugs, and patch any problems that occur. But the recommendations are not legally enforceable – so they’re largely without teeth.

The FDA has been warning the health care industry for years that medical devices are vulnerable to cyberattacks. It’s a legitimate concern: researchers have managed to remotely tamper with devices like defibrillators, pacemakers, and insulin pumps. In 2015, FDA warned hospitals that the Hospira infusion pump, which slowly releases nutrients and medications into a patient’s body, could be accessed and controlled through the hospital’s network. That’s dangerous to patients who could be harmed directly by devices altered to deliver too much or too little medication. It also means poorly secured devices could give hackers access to hospital networks that store patient information – a situation that’s ripe for identity theft.

“In fact, hospital networks experience constant attempts of intrusion and attack, which can pose a threat to patient safety,” says Suzanne Schwartz, the FDA’s associate director for science and strategic partnerships, in a blog post about the new guidelines. “And as hackers become more sophisticated, these cybersecurity risks will evolve.”

The FDA issued an earlier set of recommendations in October 2014, which recommended ways for manufacturers to build cybersecurity protections into medical devices as they’re being designed and developed. The current guidance focuses on how to maintain medical device cybersecurity after devices have left the factory. The guidelines lay out steps for recognizing and addressing ongoing vulnerabilities. And they recommend that manufacturers join together in an Information Sharing and Analysis Organization (ISAO) to share details about security risks and responses as they occur.

Most patches and updates intended to address security vulnerabilities will be considered routine enhancements, which means manufacturers don’t have to alert the FDA every time they issue one. That is, unless someone dies or is seriously harmed because of a bug – then the manufacturer needs to report it. Dangerous bugs identified before they harm or kill anyone won’t have to be reported to the FDA as long as the manufacturer tells customers and device users about the bug within 30 days, fixes it within 60 days, and shares information about the vulnerability with an ISAO.

This attempt to secure medical devices is just the beginning, says Eric Johnson, a cyber security researcher and dean of the Vanderbilt University business school, in an email to The Verge. The FDA’s Schwartz agrees, writing in a blog post: “This is clearly not the end of what FDA will do to address cybersecurity.”

A new study published in the American Journal of Sports Medicine and summarized in a report by Reuters Health claims that patients receiving a graft of their own knee cartilage cells may be better off returning to full weight bearing after six weeks instead of the standard eight.

Knee surgery patients put on a six-week recovery track were able to get back to work and other activities like sports more quickly, and even reported slightly better results at 24 months than those who had followed an eight-week recovery plan after surgery, researchers report in the American Journal of Sports Medicine.

People with damaged cartilage in their knees can undergo so-called matrix-induced autologous chondrocyte implantation, or MACI, surgery to fix the defects that cause pain and swelling.

In the two-stage MACI surgery, healthy cartilage is collected from unaffected parts of the damaged knee and sent to a lab where it’s used to grow more cartilage on a scaffold-like material. The surgeon then implants this graft into the damaged parts of the knee where it’s expected to integrate with surrounding cartilage.

Standard practice has been to keep weight off the knee for at least eight weeks and up to three months for fear of damaging the delicate new tissue. But there’s evidence that the forces of weight and movement promote growth by the cartilage cells, the authors write, so putting some weight on the implant earlier might help speed recovery of the knee.

“The regimens employed internationally were very conservative in fear of overloading the early repair tissue and jeopardizing the final outcome,” lead author Jay Ebert told Reuters Health by email.

Besides the obvious lifestyle benefits of shorter recovery times, there are clinical benefits as well, said Ebert, of the University of Western Australia in Crawley. Returning to walking more quickly may reduce the amount of muscle lost and the level of joint stiffness after surgery, he said.

To explore whether people could heal as well from surgery if they only kept off of their feet for six weeks instead of eight, the study team recruited 37 MACI surgery patients between 2010 and 2014.

The participants were randomly assigned to an eight-week return to weight-bearing group or an accelerated six-week recovery group.

Overall, the results were good for both groups. There were two cases of graft failure, both in the eight-week recovery group.

The two groups had similar results on all tests of knee function, with the accelerated group performing slightly better. For instance their repaired knees, on average, had returned to 94 percent of the peak strength of the undamaged knee, compared to 88 percent in the eight-week recovery group.

The MRI scans showed the patients in the faster recovery group had significantly better healing on two out of eight visible measures, compared with the eight-week group.

Overall, 83 percent of patients in the eight-week group were satisfied with their surgery, while 88 percent of patients in the six-week group reported being satisfied.

Forest Park Medical Center (FPMC) in Dallas and other Texas cities was touted as a “Luxury” hospital with a “spa-like atmosphere,” which did not accept lower-paying Medicare, Medicaid, or “in-network” managed-care insurance rates, but did allow for physician ownership, As such, it rapidly attracted the attention of physician investors and their referrals

The patients were primarily ones with high reimbursing out-of-network private insurance benefits or benefits under certain federally-funded programs. As such, it was free to set its own prices for services and was generally reimbursed at substantially higher rates than in-network providers. FPMC’s strategy was to maximize profit for physician investors by refusing to join the networks of insurance plans for a period of time after its formation, allowing its owners and managers to enrich themselves through out-of-network billing and reimbursement.

But, rather than leave money on the table, FPMC’s owners, managers, and employees also attempted to sell patients with lower reimbursing insurance coverage, namely unwitting Medicare and Medicaid beneficiaries, to other facilities in exchange for cash.

Yet worker’s compensation patients were included in the clientele accepted by this “Luxury” facility. According to the indictment, the hospital accepted the referral of patients with high reimbursing, out-of-network private insurance benefits, and benefits under certain non-Medicare and Medicaid federally-funded programs, such as the Federal Federal Employees’ Compensation Program also known as federal workers compensation.

Included in the 21 professionals indicted this December were Iris Kathleen Forrest, 56, of Dallas who was a worker’s compensation preauthorization specialist who allegedly received approximately $450,000 in bribe and kickback payments in exchange for referring patients, including those she was preauthorizing, to FPMC or to surgeons who performed medical procedures, including surgeries, at the hospital. And Royce Vaughn Bicklein, 44, of San Antonio, Texas was a worker’s compensation lawyer who received approximately $100,000 in bribe and kickback payments in exchange for referring patients, including his clients, to FPMC or to surgeons who performed medical procedures, including surgeries, at the hospital.

Although the typical arrangement in Texas would call for the carve-out of Medicare and Medicaid programs, the intent being to avoid the possibility of running afoul of the Department of Health and Human Services Office of Inspector General, (“HHS OIG”), what many fail to appreciate is the manifold number of federal healthcare programs which could be implicated. Each federal department has its own OIG. Federal worker’s compensation and federal employees health insurance benefits are guarded by the United States Department of Labor OIG. Military plans, or TRICARE, is protected by the Department of Defense OIG.

That’s what initially triggered federal jurisdiction at Forest Park, according to the indictment. The bribes and kickbacks included more than $10 million to TRICARE, more than $25 million to the Department of Labor FECA healthcare program, and more than $60 million to the federal employees’ and retirees’ FEHBP healthcare program. As a result of the bribes, kickbacks, and other inducements, from 2009 to 2013, FPMC allegedly billed such patients’ insurance plans and programs well over half of a billion dollars.

What would be illegal, if the prosecutors can make their case, is the alleged $40 million in bribes and kickbacks paid for referring certain patients to FPMC.

But what is interesting in this very ugly fraud case, is the inclusion of federal workers’ compensation claimants among those who were to be treated at a luxury hospital with a spa like atmosphere that bills at substantially higher rates than in-network providers. The question to be answered for taxpayers is how did this happen in the first place?

United States Attorney Phillip A. Talbert announced that a federal grand jury returned an 11-count indictment against Anthony Lazzarino, 66, former Chief of Podiatry for the VA’s Northern California Health Care System, and Peter Wong, 58, founder and CEO of Sacramento based Sunrise Shoes and Pedorthic Service, charging them with health care fraud, conspiracy to pay and receive kickbacks on medical referrals, and conspiracy to commit wire fraud.

Lazzarino was a 1982 graduate of Kent State University, College of Podiatric Medicine. Lazzarino began working at the Veterans Health Administration in 2007 with a starting salary of $122,379. California records show his license status as “canceled.”

Sunrise Shoes claims on its website to provide services under most insurance plans, including workers’ compensation, and specifically the State Compensation Insurance Fund.

According to court documents, between March 2008 and February 2015, Lazzarino and Wong engaged in a scheme to defraud the VA by billing the Veterans Health Administration for custom work and services that were prescribed but not supplied in shoes delivered to veterans.

In addition, Lazzarino referred patients directly to Sunrise in violation of VA policy, and agreed with Wong to offer kickbacks in return for such referrals.

Finally, Lazzarino, Wong, and Jai Aing Chen, who separately pleaded guilty on December 6, 2016, agreed to make materially false statements and omissions to the VA regarding where the shoes were manufactured, in the course of applying for an estimated $59 million contract.

This case is the product of an investigation by the Department of Veterans Affairs, Office of Inspector General, the Department of Veterans Affairs Police Service, and the U.S. Immigration and Customs Enforcement’s (ICE) Homeland Security Investigations (HSI). Assistant U.S. Attorney Matthew M. Yelovich is prosecuting the case.

If convicted, Lazzarino and Wong face a maximum statutory penalty of 10 years in prison and a $250,000 fine for each health care fraud count, and five years in prison and a $250,000 fine for each of the two conspiracy counts.