Managing Risk with Third Parties and Strategic Partners

Transcription

1 Pharmaceutical Regulatory and Compliance Congress and Best Practices Forum Managing Risk with Third Parties and Strategic Partners State Law Compliance The Overview November 8, 2007 Paul J. Silver Managing Director Huron Consulting Group

2 Agenda I. State Reporting Regulatory Landscape II. Who are Third Party Vendors and Indirect Sources? III. Compliance Risks Associated with Third Party Vendors a. Operational / business risks and considerations b. Data risks and considerations State Reporting Responsibilities: Manufacturer vs. Vendor IV. Risk Mitigation Considerations

3 State Reporting Regulatory Landscape Existing State Laws Minnesota passed the first marketing disclosure law in Between 2001 and 2005, similar laws were enacted in California, Maine, Nevada, Vermont, West Virginia, and the District of Columbia. Proposed Federal Legislation: Physician Payments Sunshine Act of 2007 (S. 2029) Will require companies with $100 million or more in annual gross revenues to report the name and address of the physician, any facility with which the physician is affiliated, the value and the date of the payment or gift, its purpose, and what, if anything, was received in exchange. Companies that fail to report the required information would be subject to penalties ranging from $10,000 to $100,000 for each violation. Pending State Legislation In 2007, at least 14 states have pending bills that would require manufacturers to report to the state's health department gifts and other expenditures. Familiarizing personnel early in the process will reduce the risk of noncompliance and training costs in the future

4 State Reporting Regulatory Landscape Each state has taken its own unique approach to marketing disclosure and prohibition laws, while having various degrees of breadth and scope: Gift Disclosure Laws: ME, MN, VE, WV, and DC File a report identifying the value, nature, and purpose of any gift, fee, payment, subsidy, or any economic benefit greater than $25 N V Prohibition & Disclosure Law: MN Prohibits certain gifts over $50 to any one HCP per year Requires disclosure of compensation and reimbursements valued at more than $100 Pending Enacted Comprehensive Compliance & Reporting Law: CA Establish annual, per-physician limits on gifts, promotional marketing materials and other items or activities Compliance with PhRMA Code and OIG Guidelines NV Adopt a written marketing code of conduct, a training program, identify a compliance officer, conduct annual audits of compliance with the company's marketing code, and adopt policies for investigating noncompliance with the marketing code

5 State Reporting Regulatory Landscape Penalties Potential injunctive relief, costs, and attorneys fees Media scrutiny Reputation / image defaming State DC ME MN Penalty A civil violation for which a fine of $1,000 plus costs and attorney's fees may be adjudged May be enforced in a civil action brought by the Attorney General. Failure to provide a report as required results in a civil violation of a $1,000 fine plus costs and attorney's fees. Any violators are considered guilty of a misdemeanor Physician Payments Sunshine Act of 2007 (S. 2029): A civil monetary violation not less than $10,000 but not more than $100,000 for each violation. VT A civil penalty of not more than $10,000 per violation and injunctive relief, costs, and attorneys fees. Each unlawful failure to disclose constitutes as separate violation.

6 Who are Third Party Vendors & Indirect Sources? Payments are sometimes made to HCPs on behalf of the company through third party vendors and indirect sources. Depending upon whom the payment is made, the company may be liable for reporting such expenditures: Third-Party Vendor Payments Event planners (e.g. speaker program/training, advisory boards, etc.) Co-promotion arrangements / partners Consultants Co-Promotional Program Reporting Responsibilities Pharmaceutical / medical device manufacturers Payments by Other (Internal) Divisions Parent company Subsidiary Sister/operating companies Functional departments within the same organization Global Organization Reimbursing US HCPs for international programs

7 Compliance Risks Associated with Third-Party Vendors Operational / Business Risks and Considerations Number of Third Party Vendors Within the Organization Tracking the number of third party vendors being engaged among the brands and functional areas Detail of Payment Information Provided by Third Party Vendor Every transaction must be identifiable and attributable to individual HCPs in order for aggregation, tracking, and reporting (aggregate spend) Capturing information including: value, nature, and purpose of each transaction Segregation of expenditures by HCP Potential Non-Compliance with Reporting and Tracking Exceed spending limits Inappropriate allocations Inaccurate aggregation of spend for one particular HCP

8 Compliance Risks Associated with Third-Party Vendors Data Risks and Considerations Unique Identification of HCP Across Multiple Systems Same name conundrum: (e.g. John Smith and John Smith Jr.) Multiple addresses Multiple group practice and affiliations Multiple tax ID and other identifiers Capture and Identification of HCP Type Physicians Mid-Levels (NP, PA, RPh, etc.) KOLs (non-prescribers) Orphan records Varying versions of a name: (e.g. Robert Mayer MD vs. Rob Mayer)

9 State Reporting Responsibilities: Manufacturer vs. Vendor Compliance with sales & marketing payment disclosure and spending limitation requires actions by both the manufacturer as well as the vendor: Manufacturer Responsibilities and Possible Risks: Collecting and compiling required information Approving payments Review for hidden payments and expenses Data security and protection of proprietary information Record retention and documentation Vendor training on organizational reporting obligations Third Party Vendor Responsibilities and Possible Risks: Compliance with organization s state reporting policies Read and certify compliance with standard operating procedures Provide information at the appropriate level of detail

10 Risk Mitigation Considerations Standard Operating Procedures Provide gift and business expenditure and state reporting SOPs to vendors Request certification of receipt and comprehension of SOPs Education Provide training to vendors regarding state reporting obligations Co-Promotion Contract Terms and Conditions Clear definition of reporting responsibilities in contract terms Monitor and Audit Inventory all agreements and services being provided by multiple vendors Designate one individual within the company to oversee TPV processes (e.g. purchasing/procurement or contracting group) Independent audit of third-party vendor contracts Standard Data Formats Required data fields Common data format Policies and Procedures Standard policies and procedures for reporting and tracking payments made to HCPs by other divisions and/or the global organization Disciplinary Action for Non-Compliance Policies for non-compliance with third party vendor

11 Questions? Paul J. Silver Managing Director Huron Consulting Group (678) Atlanta Office (646) New York Office

12 Pharmaceutical Regulatory and Compliance Congress and Best Practices Forum Managing Risk with Third Parties and Strategic Partners Operational Aspect of Managing Third Party Vendors Bill Fitzgerald Director Global Compliance Alcon Laboratories, Inc. November 8, 2007 Elizabeth Lewis Vice President Commercial Law Millennium Pharmaceuticals, Inc.

13 Defining Third Party Vendor Types Event Planners (e.g. speaker program/training, advisory boards, etc.) Co-promotion Arrangements / Partners Consultants Internal Vendors (e.g. global, business units, etc.)

14 Identification / Inventory of Third Party Vendors Across Organization Business Inventory (sales, force, home office, MSLs, clinical, PR, etc.) Data Inventory (systems, software, spreadsheets where data resides)

15 Collecting and Compiling Required Information Development of standard data formats for third party vendors

16 Pharmaceutical Regulatory and Compliance Congress and Best Practices Forum State Reporting Data Management, Risks, & Considerations November 8, 2007 Bill Buzzeo Vice President & General Manager Cegedim Dendrite Compliance Solutions

17 Third Party Vendor Data

18 Data Submissions Secure access, authorization and authentication Process and automated business rules to insure all 3Ps are submitted Partner / Vendor management reporting

19 Level of Detail Transaction and summary level Dashboards Graphics for decision support

20 Data Completeness Customer Master Product Master Data enrichment

21 Data Accuracy Data cleansing Data validation Data warehousing

22 Data Formats Industry standards: XML, EDI, Microsoft Office documents Others?

23 Certifications / Compliance 21 CFR Part 11 ISO 9000 CMM ITIL IEEE

24 Rights to Data Intellectual Property Public knowledge Trade Secrets Residual Rights for people that know longer work with this data