Since the early 2000s, corporations and individuals in the life sciences industry have been the subject of heightened scrutiny and intensified regulatory enforcement for their alleged involvement in bribery and corruption, unlawful marketing practices, and research fraud. Since 2001, more than 35 pharmaceutical and biotechnology manufacturers and medical device companies have settled allegations with the U.S. government, many of them paying hefty fines and entering into expansive corporate integrity agreements (CIAs). For each fiscal year between 2009–2014, the U.S. government has recovered more than $2 billion from the life sciences industry.1 Demands from both the government and the public at large have caused the industry to reshape its business practices at a fundamental operational level.
The initial wave of investigations in the 2000s focused on pricing and reimbursement issues. The first major settlement came in the case against TAP Pharmaceutical Products in 2001.2 TAP agreed “to pay $875 million to settle criminal and civil charges that it had illegally manipulated the Medicare and Medicaid programs” and entered into a CIA that, among other things, “significantly changed the manner in which TAP supervised its marketing and sales staff, and ensured that TAP would report to the Medicare and Medicaid programs the true average sale price for drugs reimbursed by those programs.”3
CIAs have become an important government vehicle for changing industry practices. The Office of Inspector General (OIG) for the U.S. Department of Health and Human Services negotiates CIAs with companies as part of the settlement of federal healthcare program investigations. In addition to penalties, companies agree to the CIA obligations, and in exchange, the OIG agrees not to seek their exclusion from participation in Medicare, Medicaid, or other federal healthcare programs. CIAs typically last five years and include sweeping requirements to implement compliance program components (for details, see Chapter 10).
Regulators soon broadened the scope of their enforcement scrutiny to include additional promotional activities, along with relationships and interactions with healthcare providers. From 2004 to 2009, settlements were reached with 11 manufacturers to resolve allegations of off-label promotion; by 2015 the list was more than 30. One impact of this new enforcement activity was the inclusion of additional CIA requirements that were aimed at multiple functions across the company. On top of the exorbitant settlements paid to resolve allegations related to misbranding—the highest was GlaxoSmithKline’s (GSK) $3 billion settlement4 with the U.S. Department of Justice (DOJ) in 2012 for off-label promotion and other allegations—the accompanying CIAs required companies to set up significant controls around commercial practices and strategies.
The new focus on industry relationships with healthcare professionals gave rise to unprecedented restrictions on promotional activities, including limitations on meals, entertainment, gift giving, and sample distribution, to name a few. Compliance monitoring of sales force personnel, speaker programs, and responses to medical information were standard CIA requirements that have since become routine across the industry. It has also become common for companies to conduct annual needs assessments and develop fair market value (FMV) frameworks to help ensure that healthcare professional (HCP) consultants are retained for legitimate services and paid at FMV. The drive toward transparency of financial relationships has resulted in state and federal laws as well as laws in European countries and other jurisdictions requiring pharmaceutical and medical device companies to publicly disclose payments to healthcare professionals.
Prosecutors have become more sophisticated in identifying a broader range of misconduct as seen by the evolving focus of their investigations. Past enforcement activity had targeted companies and behaviors that result in the biggest recoupments, but as the larger pharmaceutical and medical device companies have strengthened their compliance infrastructure, the government recognizes that the same risks may exist within small and mid-size companies.
Recent complaints have already begun to touch on medical and scientific activities, such as publications and investigator-sponsored research, and the DOJ has indicated that research and development issues will continue to be scrutinized. Interactions with payers and with patients are also receiving increased attention. Changes in the healthcare industry have led drug manufacturers to focus on the payer community to ensure that patients have access to their products and on patient education and support programs to differentiate their brand. The ongoing identification and exposure of fraudulent activities and conflicts of interest in the life sciences industry will continue to result in new and revised rules, regulations, and enforcement activity.
Laws and regulations designed to ensure patient safety and prevent fraud and abuse of public healthcare programs are continuously being revised and updated, but the target risk areas have remained fairly constant since World War II. John Braithwaite’s 1984 book Corporate Crime in the Pharmaceutical Industry5 describes corporate misdeeds including bribing government officials, customs officers, and safety inspectors; fabricating clinical trial data; unsafe manufacturing practices; fraudulent government price reporting; expanding indications and inventing new diseases; kickbacks to physicians; misleading advertising; ghostwriting; and a host of other behaviors that are still under investigation 30 years later.
In the United States, most healthcare providers, payers, and intermediaries are non-governmental commercial entities. Life sciences pricing to such commercial entities is largely unregulated and determined through negotiation in a manner broadly similar to other commercial industries.6 Taxpayer dollars are, however, also used to pay for certain life science products, and the mechanism by which those prices are determined is known as “government pricing.”
Government pricing programs are socially important in supporting the provision of drug access to tens of millions of people in need of the treatment regimen. These programs are financially significant with a large and increasing share of the market and large per-unit pricing impacts. They are also subject to significant risk for reasons including underlying complexity, uncertain guidance, executive certification, and massive oversight and enforcement.
Government pricing programs vary, but all share the same underlying approach whereby the government’s prices are determined by reference to comparable commercial prices as reported by manufacturers. Specifically, participating manufacturers calculate and submit to the government average prices and/or lowest prices for various customer groups in a manner consistent with governmental guidance. This can be extremely difficult for a number of reasons including:
Oversight and enforcement were relatively light during the early years of these programs. Then, in the late 1990s, a whistleblower filed the first of what became a flood of average wholesale price (AWP) lawsuits that extracted billions of dollars from the industry based on allegations that pharmaceutical manufacturers had manipulated their undiscounted prices in a scheme that caused payers to over-reimburse healthcare providers, which, in turn, promoted sales of the products.7 These lawsuits revealed the challenges in compliance with government pricing programs, and a bevy of whistleblower lawsuits followed, along with various governmental actions, increased audit oversight, and other forms of scrutiny. It is difficult to quantify the amounts of money involved because individual settlements often address multiple issues and self-disclosures are generally not publicized.
The industry has responded by improving processes to avoid such lawsuits and providing visibility into potential areas of vulnerability (e.g., when guidance is unclear and assumptions are made). Corporate departments dedicated to government pricing have expanded, with many employing 20 or more people, and they are being led by more senior people. Dedicated government pricing attorneys have been brought in-house. Third-party systems costing tens of millions of dollars have been implemented at most large manufacturers, and the smaller ones are enhancing system capabilities as well.
Government pricing is based on commercial pricing, and compliance requires accurate and complete commercial data. Manufacturers have therefore adapted processes across numerous general business functions such as sales accounting, customer master, regulatory, and others. Robust internal certification processes have been put in place. Compliance audits led by external experts are conducted annually at many manufacturers. In 2015, the government settled a government pricing case with a manufacturer and included in the settlement agreement8, for the first time, a comprehensive description of what a robust government pricing compliance program must include. The life sciences industry is in the process of assessing and revising its programs accordingly.
The U.S. Anti-Kickback Statute (AKS)9 prohibits drug and device companies from knowingly10 and willfully offering or providing payments, other financial incentives, or items of value to healthcare professionals and organizations as inducements for prescribing, recommending, or using their drug or device that is reimbursed by federal health care programs. Improper industry influence over prescribing choices is a type of fraud that results in patient safety risks and excessive costs that are passed on to patients and payers, including the federal government.11 Under the U.S. False Claims Act (FCA), a drug or device company may be held liable when its kickback schemes generate prescriptions that are reimbursed by federal health care programs. In 2010 the Patient Protection and Affordable Care Act (PPACA) made it official that claims submitted in violation of the AKS automatically constitute false claims for purposes of the FCA.
Contracting and discounting arrangements with purchasers of prescription drugs, biologics, and medical devices, including wholesalers, health maintenance organizations (HMOs), and other types of payers, are an area of potential kickback risk. Inducements offered to purchasers may fall under the AKS if the purchased products are reimbursable by a federal healthcare program.
In 2006 Schering-Plough paid $345 million to resolve charges for paying a kickback to an HMO in exchange for preferred treatment on the HMO’s formulary and for failing to report to Medicaid the true best price for the product. Rather than agree to the HMO’s request to reduce the price of a product, the pharmaceutical company had offered a $10 million package of added value that included an annual data fee equivalent to 2 percent of gross sales.12 Other arrangements that have been identified in anti-kickback cases include stocking allowances, price protection payments, prebates,13 market share payments, and free goods designed to induce retail pharmacy and wholesaler customers to purchase products.14 Note that the AKS and the corresponding regulations establish a number of “safe harbors” into which arrangements can be structured to reduce or eliminate the risk of AKS violation.15
Regulators and the private sector recognize that there are legitimate and important reasons for drug and device companies to collaborate with physicians and healthcare professionals. However, there is a risk that these relationships may result in improper influence over medical decision making. This undue influence can come in the form of lavish dinners and vacations or be disguised in consulting arrangements. Repeated abuses of the AKS have resulted in numerous settlements and corporate integrity agreements and have led the government to demand greater transparency into financial relationships between industry and healthcare professionals.
Many of the largest settlements between the U.S. government and pharmaceutical companies consisted of alleged anti-kickback violations for making illegal payments to doctors and other health professionals.16 The kickbacks included the use of speaker programs, preceptorships/mentorships, and improper gifts, such as entertainment and meals. One company allegedly “plied doctors with perks such as free spa treatments, Colorado ski trips, pheasant-hunting jaunts to Europe, and Madonna concert tickets.”17
Medical device companies have also been scrutinized for some of their consulting arrangements. In September 2007, four major medical device manufacturers collectively paid the government $311 million to resolve allegations of providing kickbacks to physicians. The investigation identified certain arrangements designed to increase sales of artificial hip and knee implants used by the consulting surgeons. Some companies paid the surgeons a fee of $5,000 to provide a quarterly report on marketing trends; the reports were typically of little value and often duplicated from quarter to quarter. Sham product development agreements were also uncovered. These agreements, which yielded millions of dollars in royalty payments for up to 20 years, would include consultant physicians who were added midway through the project and who contributed little.
Potentially more nefarious, but less commonly seen, are investigations and settlements related to sham studies. In 2008, the biopharmaceutical company Biovail Pharmaceuticals pleaded guilty to conspiracy and to violating the anti-kickback statute for allegedly conducting a sham study. Physicians were paid up to $1,000 per enrollee to prescribe the company’s drug, have the patient fill the prescription, conduct routine follow-ups, and complete a questionnaire. The work required was minimal, of limited to no scientific value, and the payment exceeded FMV.18
In 2009, in response to the increased scrutiny of interactions with HCPs, both the Pharmaceutical Research and Manufacturers of America (PhRMA) and the Advanced Medical Technology Association (AdvaMed) revised their codes on Interactions with Healthcare Professionals to include stricter limitations on the provision of gifts, meals, entertainment, support for conferences and education, and agreements related to speaker programs, consulting, and royalties. Both codes emphasize that HCP consultants should only be engaged for legitimate purposes unrelated to purchasing or prescribing behavior and that payments should be made at FMV.
Despite the heightened publicity of enforcement activity and industry guidance in this area, the industry continues to face litigation related to alleged kickbacks to healthcare professionals. In a January 2015 settlement against Daiichi Sankyo, the government alleged that the company paid physicians improper kickbacks in the form of speaker fees. Physicians were allegedly compensated for “speaking” on duplicative topics over company-paid dinners. In one example cited, the dinner was “so lavish that its cost exceeded the company’s own internal cost limitation of $140 per person”; in other instances, the inappropriate conduct involved payments to speakers for “speaking only to members of his or her own staff in his or her own office.”19 In addition, it was alleged that the same speaker program presentations were presented to the same audience several times in the same year.
Within the United States, bribery in the life sciences sector is prosecuted at both the federal and state levels. The OIG also has jurisdiction to investigate and oversee federal healthcare programs. For corruption matters involving foreign government officials outside of the United States, the U.S. Department of Justice (DOJ) and U.S. Securities and Exchange Commission (SEC) prosecute bribery cases under the Foreign Corrupt Practices Act (FCPA) across all industries including life sciences. The same activities prohibited by the AKS in the United States are prohibited by the FCPA when the recipient of the bribe is a government official. This includes health ministries, doctors, and other healthcare professionals in countries where the healthcare systems are government agencies. Siemens paid $1.7 billion to the United States and Germany in 2008 to settle allegations of corruption across a number of sectors including medical devices. Subsequent cases have included medical device companies, pharmaceutical manufacturers, and most recently a laboratory.
In remarks at a U.S. pharmaceutical industry conference in March 2015, SEC Director of Enforcement Andrew Ceresney said that FCPA enforcement in the pharmaceutical industry is a high priority. Ceresney provided examples of three types of misconduct that arise most often in FCPA enforcement actions in the pharmaceutical industry20:
Many countries other than the United States have enforced their own anti-bribery and corruption laws in the pharmaceutical industry. In 2014, GSK was found guilty of bribery by a Chinese court and fined nearly $500 million for bribing government officials, hospitals, and doctors to sell drugs at higher prices.21
The Food, Drug and Cosmetic Act (FDCA) requires that a company must specify the intended uses of a product in its new drug application, 510K, or premarket approval application to the Food and Drug Administration (FDA). The FDA approves drugs for specific indications and clears devices for specific uses. Once approved or cleared, the product may not be marketed or promoted for any uses not specified in an application and approved or cleared by FDA (off-label uses).
Franklin v. Parke-Davis was the first case to link off-label promotion to the FCA, which allows private individuals to file whistleblower suits. Under the FCA, if the United States is successful in resolving or litigating the relator’s (whistleblower’s) claims, the relator may share in part of the recovery. The Parke-Davis complaint was initiated in 1996 by a physician who had been hired for a medical liaison role. Within four months, he left Parke-Davis and filed a whistleblower lawsuit alleging that the off-label marketing strategies employed by Parke-Davis resulted in federal reimbursement of drugs that were not prescribed for approved uses. In May 2004, Pfizer, Inc., which had acquired Parke-Davis and its parent company, Warner Lambert, settled the case for $430 million in civil fines and criminal penalties.
Since that case, there have been more than 30 FCA settlements against pharmaceutical and medical device companies for off-label promotion. These are often accompanied by CIAs requiring comprehensive controls and live monitoring around promotional and nonpromotional activities that have been linked to off-label marketing strategies.
Off-label settlements usually identify a broad range of improper sales and marketing activities that support off-label marketing strategies. When used improperly, company-established sales goals and call plans have been cited as evidence supporting FDCA violations. These include call plans that target physician specialties unlikely to prescribe a product for an approved use and unrealistic sales representative incentive compensation plans whose targets could only be achieved with substantial off-label prescriptions.
Speaker programs for physicians have been criticized as kickback arrangements, and they also carry significant risk for off-label marketing activity. When speaking on behalf of a drug or device company, a physician is bound to the same regulatory requirements as a company’s promotional employees. As a result, most companies attempt to control the program content by preparing the presentation materials for the speaker, with the expectation that the speaker will stay on message. However, oftentimes the audience will ask questions related to unapproved uses of the product.
In the past it was industry standard to allow speakers to provide narrow and tailored responses to audience questions about unapproved uses. However, FDA’s 2011 guidance on Responding to Unsolicited Questions for Off-Label Information about Prescription Drugs and Medical Devices has led many companies to rethink that practice. Many companies now train their speakers not to answer off-label related questions, to address them one-on-one after the program, or to direct those questions to the company’s medical affairs department. However, the risk remains that the speaker will add his or her own slides to the company’s slide deck, respond broadly to unsolicited off-label questions, or proactively discuss off-label uses of the company’s product.
Nonpromotional activities include publishing scientific data, medical education, and research. These nonpromotional activities are meant to raise disease awareness and facilitate scientific exchanges between the industry and HCPs; they are usually conducted through a company’s medical affairs (MA) department. The legal and regulatory basis for MA is limited. Although there is no statutory requirement to have a MA function, and no safe harbor for doing so, government and industry have provided some guidance. The 2003 OIG Compliance Program Guidance for Pharmaceutical Manufacturers calls for the separation of commercial and MA functions. FDA’s 2009 Reprint Guidance explicitly endorsed the role of MA in the dissemination of medical journal reprints along with a list of requirements.
Since 2009, many CIAs have required companies to follow the International Committee of Medical Journal Editors (ICMJE) requirements regarding authorship when developing policies and practices related to research and publications. These measures are in response to findings that research and publication planning have been used as key components of off-label marketing strategies. Evidence obtained in off-label investigations has shown corporate strategic plans to conduct research and create scientific literature specifically to enable the promotion of an unapproved use even when there was no intent to obtain approval for that use. A once common practice for developing a body of “scientific” information was to use company employees or professional medical writers to draft research publications and then identify prestigious doctors to put their names on the ghostwritten reports.22
The call for transparency into financial relationships has been mirrored by the requirement for greater insight into clinical research outcomes. National Institutes of Health (NIH) created clinicaltrials.gov in 1997, and since then, trial registration policies and requirements have been issued by FDA, ICMJE, World Health Organization, European Medicines Agency, and World Medical Association.23
Enforcement actions related to misconduct in research and development have primarily focused on individual researchers, but the impact of falsified research can have a devastating result for companies and the public at large. In 2010, a prominent Massachusetts doctor pleaded guilty to healthcare fraud and was sentenced to six months in prison for fabricating findings in 21 studies. This physician received funding from major drug companies, although it was not proven that the data were falsified at the instruction of those companies. Follow-up studies have found that although the main articles were retracted, articles citing the falsified findings remain in circulation.24 Five years later, a scientist who faked acquired immune deficiency syndrome (AIDS) research funded by federal grant money entered guilty pleas to two felony charges of making false statements25 was sentenced to 57 months in federal prison, fined $7.2 million, and will be subject to three years probation upon release.26
Consequences can be felt at the corporate level as well. In 2014–15, several European Union governments suspended the approval of drugs tied to alleged falsification of bioequivalence data used by a generic manufacturer to support product approval.27 Further investigations are being conducted to determine the extent of the fraud. The proliferation of falsified research and publications is clearly dangerous to the public at large and will likely continue to draw interest from investigators.
The tenets of an effective compliance program have been described throughout this book, consisting of a strong tone at the top, robust written controls, excellent training and communication, monitoring and auditing, conducting investigations, and applying appropriate disciplinary action. All of these are relevant to the life sciences industry. For specific high-risk areas in life sciences, the approach to preventing, detecting, and responding to compliance violations has been reshaped in the past decade by government investigations and enforcement activity. Corrective plans for addressing risk areas that have been the focus of government investigations have been outlined in numerous CIAs, and many companies have looked to these CIAs for guidance in developing their own compliance programs. Another noteworthy external development is DOJ’s retention of a full-time Compliance Counsel as of November 3, 2015. The Compliance Counsel will assist prosecutors with assessing “the existence and effectiveness of any compliance program that a company had in place at the time of the conduct giving rise to the prospect of criminal charges, and whether the corporation has taken meaningful remedial action, such as the implementation of new compliance measures to detect and prevent future wrongdoing.”28 In the coming months, companies can expect more guidance and benchmarking around metrics from DOJ’s Compliance Counsel which can be used to gauge the effectiveness of a compliance program.
Effective prevention must begin with a strong ethical business culture that is demonstrated by leadership at all levels, from the executive team to first-line supervisors. During the height of enforcement activity in the mid to late 2000s, many drug and device companies—both with and without CIAs—assigned most, if not all, responsibility for compliance program development and implementation to the compliance department. By centralizing the responsibility, companies could quickly build a compliance program framework and bring policies and procedures in line with rapidly changing compliance requirements. The industry’s approach to compliance, however, has become more holistic. Companies with more mature compliance programs recognize that the business needs to take ownership for compliance and to be compliance champions. The compliance program must be set by executive management, adopted by middle management, and carried out by frontline employees.
Central to risk prevention in the life sciences industry are ethical business practices related to HCP and healthcare institution (HCI)/healthcare organization (HCO) interactions. In general, almost any payment or transfer of value to an HCP/HCI/HCO poses a potential kickback risk and may also present an opportunity for off-label promotion. Employees who interact with these individuals and entities need clear guidelines regarding appropriate communications. It is not sufficient to say “stay on label.” Each product and device has its own nuanced opportunities for straying into off-label territory.
Compliance departments need to work closely with their medical and commercial colleagues to understand these nuances and help the business develop approved responses to specific scenarios that field sales and field medical personnel encounter in day-to-day activities. Companies should also establish clear rules and responsibilities to govern interactions between medical and commercial field personnel during joint meetings with HCPs, internal account planning meetings, internal trainings, and so on.
Similar robust rules and training should be provided to HCPs who speak promotionally on behalf of the company. HCPs with expertise in a specific therapeutic area are often engaged by several companies that may have different rules about what they allow HCPs to communicate during a speaker program. While the industry is moving away from allowing speakers to respond to requests for off-label information, this practice was once widely accepted and is still allowed by some companies. It is important for speakers to be educated on a company’s specific approach to this risk area.
Annual live speaker training should be supplemented with periodic follow-up training to ensure that the speaker is familiar with approved product messaging and compliance requirements. Before each program, the sales representative hosting the program should meet with the speaker and provide a quick review of messaging, compliance requirements, examples of potential off-label questions, and appropriate ways to respond to those questions.
Review and approval procedures should also be adopted to mitigate risk related to HCP/HCI/HCO relationships. Before a company engages HCPs as promotional speakers, consultants, advisors, investigators, and authors, a designated review committee should agree that there is a legitimate business need for the requested service based on well-defined selection criteria to meet a specific business need. For example, the number of speakers and programs required for an annual speaker bureau should be based on factors including the life cycle of the drug, availability of new data, and the size and location of the target audience. HCP speakers should be selected based on these needs as well as the HCP’s expertise and geographic location. The invitation to participate as a speaker should not be a reward or incentive to prescribe drugs or use devices, so companies should be cautious about allowing sales personnel to influence the HCP selection process.
Likewise, companies should implement controls related to the award of educational grants, research grants, sponsorships, charitable contributions, and other donations to HCPs/HCI/HCOs. For example, an annual plan should predefine areas of interest for investigator-initiated research, and requests for funding should only be considered if they align with those interests. Proposed research protocols should be developed independently by HCPs without influence from the company and should be evaluated on their individual merit. Research grants should not be provided as rewards for promoting or prescribing a drug or device, so sales and marketing personnel are typically excluded from the review and approval process.
Drug and device companies should be careful how they structure their sales force compensation models. Sales representative bonuses are typically tied to the number of prescriptions generated by physicians within a sales representative’s territory. Companies must be careful to create reasonable sales targets that can be achieved by selling products for approved uses to providers that are likely to treat patients with the diseases and conditions for which a drug or device is approved or cleared. Further, identifying mechanisms or controls to exclude any off-label use from compensation models is becoming a common practice.
Companies must also ensure that payments made to HCPs/HCIs/HCOs are at FMV for legitimate business needs. Physician fees should consider both HCP qualifications and the level of effort required for the proposed service. Payment terms and specific deliverables should be specified in contracts that are executed prior to the date that services are provided. Grants and sponsorships should only be awarded for purposes that advance the scientific and educational needs supported by the company, and these monies should be tied to specific, itemized budgets provided by the requesters and deemed appropriate and necessary by the review committee. Compliance departments should guide the business in establishing review and approval committees for grants and donations, but it is important for the business owners to be responsible for the process. Thus, compliance is usually not involved in the operational aspect of approval although they may be consulted by the review team as needed.
For companies with adequate resources, systems can be implemented to automate controls related to entering into these financial relationships. For example, web-based portals can be used to manage the request, review, and approval of grants for medical education and investigator-sponsored research. Such systems can ensure that required needs assessment and budget documentation are provided and that each committee member approves before a grant is awarded. Systems can also be implemented to manage a broad range of compliance requirements related to HCP contracting. Comprehensive systems can be designed to manage annual needs assessments for HCP services, HCP selection criteria, determination of FMV rates, and annual payment caps.
A strong compliance program will not prevent every compliance violation, so ongoing risk assessment and compliance monitoring are critical for detecting violations early before they become major issues. The most effective risk assessments will include strong participation from the business to identify and prioritize risk areas. With input from the business, the compliance department can develop a realistic plan for conducting monitoring and auditing.
Monitoring activities should also have a high level of involvement from the business. First-line monitoring of sales and medical field personnel can be performed by field managers. Compliance criteria should be a component of manager field rides (i.e., the observation by company representatives of sales calls or other interactions with HCPs29) to address appropriate messaging and use of promotional materials as well as adherence to company policy, such as those related to the provision of meals, handling of adverse events, provision of reprints, etc. Direct managers should also serve as first-line reviewers of expense reports. It may be easy for a direct manager to recognize a pattern of fraud, such as repeated submission of the same attendee sign-in sheets for multiple events or attendee sheets that do not reconcile to receipts. Active compliance involvement by the business is one of the defining components of a healthy culture of compliance.
However, monitoring conducted by the business should not replace live monitoring conducted by the compliance department. Interactions with HCPs are generally a high-risk area that should be included in any compliance monitoring plan. Field rides also provide an important opportunity for the compliance department to identify needs for policy revisions and specific training. With many companies downsizing their compliance departments, resource-intensive priorities, such as field rides with sales and medical personnel and live monitoring of speaker programs, may be effectively outsourced to a qualified third party.
Periodic review of documentation related to prioritized risk areas, such as HCP and HCI/HCO payments, should be conducted to evaluate compliance with processes related to review and approval, contracting, execution, and payment. Companies with reliable electronic information may employ data analytics to identify potential trends and outliers and focus their monitoring efforts. For example, many companies require employee expense reports to include the names of physicians and other HCPs who participated in a meal provided by the employee. This data can be mined to identify patterns of possible abuse such as “supper clubs” (a group of HCPs meeting for dinner under the guise of attending speaker programs). Medical information is another source of data that may be used to identify patterns of potential abuse. A regional spike in “unsolicited” requests for a specific off-label reprint may be indicative of a manager employing a specific strategy to promote for an unapproved use. Identifying such potential trends can help the compliance department focus its limited resources on higher risk areas.
One of the critical factors of effective monitoring is the ability to collate results and identify systemic issues and trends so they can be addressed in a timely manner. This means that findings from multiple sources of monitoring and auditing data (field rides, speaker program monitoring, expense report audits, email reviews, and so on) must be considered in aggregate to identify overarching trends. When designing monitoring programs, companies should proactively consider how to aggregate and analyze the various sources of audit and monitoring information. With proper planning, multiple data sources can be set up to feed into a single reporting platform. And compliance monitoring dashboards can be developed for quickly assimilating and communicating findings.
A strong compliance program, which includes the timely and appropriate response to a compliance issue, can be an important factor in the outcome of a government investigation. Companies should develop clear policies and procedures for handling compliance issues in an appropriate and consistent manner and assign roles and responsibilities for carrying out those policies.
When an issue is identified, either through monitoring or other reporting channels, a prompt investigation should be conducted to determine the magnitude of the problem. Is a single rogue employee promoting a product for an unapproved use? Or is there evidence of a broader off-label promotion strategy across a region or brand? The use of data analytics can help determine the extent of the issue and whether other areas within the organization need further investigation.
Additionally the company should identify gaps in controls that need to be addressed through corrective and preventative action plans. It is important for compliance to work with the business to identify root causes, but the business should be responsible for developing and implementing the action plans in a reasonable time frame. The company should track violations and responses to ensure that corrective and preventative action plans are carried out. Additionally, the company should ensure that multiple offenses by a particular employee or business unit can be identified and that increasing levels of discipline and corrective action plans can be implemented. For example, a valid corrective action plan for a first violation may be to retrain the employee on policies and processes; however, after multiple offenses a more robust plan should be developed.
The company should confirm that corrective and preventative measures were implemented in a timely manner and document all actions that were taken. Preventative actions should be subsequently tested and monitored to determine whether they were effective in preventing additional violations. In addition to corrective and preventative actions related to any business process, the company should address the conduct of all individuals involved in the matter. Lastly, significant findings should be communicated to executive management and external regulators when necessary.
Implementing mechanisms to help ensure that risks across the business are identified early, assessed thoroughly, and remediated promptly through additional controls, training, and communication are the hallmarks of an effective compliance program and provide value to the business. As this chapter outlines, the risk areas run the gamut; the areas implicated in prior settlements are illustrative and should not be viewed as the entirety of the risk areas. To provide the most value to their company, compliance programs are well advised to take a holistic approach—even if only through high-level oversight—when it comes to identifying areas of risk beyond the more common ones to assist the business with remediating gaps on their own. For example, understanding how many safety reports are received, from what channels, and how they are handled by the pharmacovigilance department is not inimical to a comprehensive compliance program, nor should other areas such as the use of third parties for manufacturing or assessing the accuracy of clinical trial investigator financial disclosure forms be off-limits. Business leaders generally prefer to address issues voluntarily; in this regard, a compliance program can be an asset to leadership by taking a wider view internally, raising awareness of areas for improvement and facilitating early resolution.
________________
Kathy Tench was a major contributor to the content of this chapter. Ms. Tench is a director in KPMG’s Forensic practice in New York City. Currently, Ms. Tench is on rotation to KPMG’s Zurich office. She specializes in providing regulatory compliance services to life sciences companies.