Long-time OIG Chief Counsel, Lew Morris stepped down last. OIG Update

Transcription

1 OIG Update VOL. XI, ISSUE 4/ OIG senior counsel offers key compliance take-aways from pharma compliance roundtable OIG s Riordan says industry places premium on flexibility in compliance programs The theme that permeated the OIG s day-long meeting with pharmaceutical compliance professionals earlier this year was flexibility, according to OIG Senior Counsel Mary Riordan. If there was one theme that could be used to describe the whole day it was the theme of flexibility and the need for companies to keep their compliance programs fresh, current, and up-to-date in terms of existing and newly identified risk areas, she told attendees at the recent Disclosure Summit in Washington, D.C. On February 23, the OIG convened the Pharmaceutical Compliance Roundtable, which included 42 compliance professionals from 23 pharma companies currently operating under a corporate integrity agreement (CIA). Riordan said that while the OIG has no intention of renegotiating any existing CIAs, the agency wanted to hear about the experience of these companies with an eye to future CIA provisions. During the small group sessions, she said, the industry engaged in discussion with about 15 representatives from the OIG, some whom are monitors for current CIAs. According to Riordan, the Roundtable was part of the OIG s longstanding effort to collaborate with the industry. We certainly have had good collaboration over the years she said. We wanted to hear from people in the industry about their experiences under CIAs and learn what they think is effective. Riordan pointed out that many of the requirements the OIG has included in CIAs over the years have become common elements of compliance programs in the industry more broadly. We think that many of the insights and experiences reflected in the report will be of interest to people in the industry whether they are under a CIA or not, she explained. Cont. on page 3 IN THIS ISSUE OIG senior counsel offers key compliance take-aways from pharma compliance roundtable (p. 1) New OIG chief counsel expected to keep focus on pharma (p. 1) OIG En f o r c e m e n t. OIG Senior Counsel highlights traditional and non-traditional risk areas (p. 9) Gu e s t Co m m e n t a r y. Be Proactive and Create a Culture of Compliance (p. 13) New OIG chief counsel expected to keep sharp focus on pharma Long-time OIG Chief Counsel, Lew Morris stepped down last month after a noteworthy tenure in that position. As the agency s top attorney for more than a decade, Morris played an influential role in shaping the OIG s current initiatives, including a heavy focus on drug and device companies. He was particulary vocal the last few years about the need to consider new measures, such as individual prosecutions and divestiture, to curtail fraud among recidivist pharma companies. Morris was replaced by Gregory Demske, whose public statements suggest that a continued focus on drug and device companies is certain. Cont. on page 2

2 Cont. from page 1 New OIG chief counsel expected to keep sharp focus on pharma Lew was the architect and the builder of the OIG s enforcement program for more than a decade, says former DOJ attorney, Laurence Freedman, now a partner with Patton Boggs in Washington, D.C. He says Morris helped establish a highly effective, highly professional office, that not only supports the agency s enforcement efforts, but its substantive compliance and advisory support for industry and its counsel. Lew s collaboration with the Department of Justice and the U.S. Attorney s Office built the foundation for an independent OIG, as well as a core role for the OIG in criminal and civil enforcement proceedings, says Freedman. He was deeply instrumental since the 1990 s, from LABSCAM forward, in his commitment to complex corporate cases, and in recent years was equally committed to prosecuting blatant street-level healthcare frauds. According to Freedman, Morris also made the OIG s exclusion authority a meaningful and feared enforcement tool. Former DOJ attorney, John Bentivoglio, also had high praise for Morris. Throughout his career, Lew was a model of integrity and public service, says Bentivoglio, now a partner with Skadden Arps in Washington, D.C. He says Morris helped make the OIG a formidable oversight and enforcement agency, particularly through the use of novel enforcement theories and enforcement strategies. He leaves very large shoes to fill, he says. Continued focus on pharma For his part, Demske has been with the counsel s office since 1990, when was hired as a staff attorney. He became chief of the administrative and civil remedies branch in 2002 and assistant IG for legal affairs in Last year, Demske indicated that one of the OIG s major concerns was that it was not adequately protecting federal healthcare programs by continuing to enter into settlements with pharmaceutical companies where the only penalty is a monetary penalty, which is perceived in some quarters as a cost of doing business. The OIG is reluctant to exclude pharmaceutical manufacturers because of the potential negative effect that could have on patients and the healthcare sector, both Morris and Demske have stated on several occasions. However, Demske has also suggested that if all a company has to do is pay a monetary penalty and enter into a corporate integrity agreement (CIA) that is not unlike a civil resolution. Demske suggested this might not be a sufficient deterrent to what is perceived as recidivist behavior by some pharma companies. Earlier this year, Demske appeared to take an even stronger posture with regard to deterring fraud by pharmaceutical fraud. We re seeing some of the big companies a second and third time, Demske told USA Today last March. The corporate integrity agreement is not sufficient to deter further misconduct. Leading qui tam attorney offers sharp view While some federal prosecutors have stated that violations by drug companies are now We re seeing some of the big companies a second and third time, OIG Chief Counsel, Gregory Demske, recently stated. The corporate integrity agreement is not sufficient to deter further misconduct. both fewer in number and less egregious in nature, not everybody shares that view. Writing in Forbes earlier this month, high-profile qui tam attorney, Erika Kelton of Phillips & Cohen echoed the sentiment that billion-dollar settlements are viewed by some as a cost of doing business. We continue to see a steady stream of whistleblowers with powerful evidence of pharma wrongdoing, she reported, be it illegal promotion of prescription drugs, financial inducements to doctors and pharmacists to prescribe or sell certain prescription drugs, manufacturing practices that contaminate drugs, and the use of phony science to support FDA approval or shady marketing, to name just a few. The next issue will feature a first-hand assessment of the enforcement landscape from leading qui tam attorneys. 2

3 Cont. from page 1 OIG senior counsel offers key compliance take-aways The Roundtable focused on five broad topic areas that covered many more specific areas. The five topic areas were: 1) challenges in implementing CIAs; 2) compliance program structure and oversight; 3) risk assessment and monitoring activities; 4) policies, procedures, and training activities; and 5) compliance post-cia. Challenges in implementing CIAs According to Riordan, the first broad topic addressed by the Roundtable involved challenges surrounding the implementation of CIAs, including considerable discussion about relevant covered persons. Our CIA definitions are intended to be broad and capture a number of people who are engaged in the functions that we consider most critical, she said. But the issue of defining who is relevant for purposes for compliance programs is an issue that every company must face, she added. I think what you have to do is make sure that you are thinking about compliance messages, compliance training, and policies and procedures that are going to be relevant to different groups within your organization, she explained. For example, she said, what is relevant and important for a sales representative who is interacting with doctors on a daily basis will differ from what is relevant and important for somebody in the marketing department or somebody charged with implementing an aggregate spend program. It is important for anyone heading a compliance program to think very hard about trying to tailor elements of the compliance program to the job functions that people are undertaking, she said. According to Riordan, there was also considerable discussion about the training requirements under CIAs that require companies to train all of their relevant covered persons. We heard from participants that sometimes this causes companies to implement training that may be computer-based because that is easier to track, she reported. Many participants also weighed in that small-group training, such as the in-person training at sales meetings, may be more effective than computer-based training, she said. But attendance at live sessions is harder to track and sometimes may be labor-intensive to track, the participants added. Riordan said this is an example of an issue that all companies must consider individually. So too, said Riordan, is the question of how companies ensure that employees have received the training. One method that was discussed, she said, is for companies to collect certifications for everybody who participated. Another is for a business supervisor to provide the training and then certify that their subordinates have been trained. What participants suggested, she said, was that the OIG should modify its CIA requirements to allow for less than 100 percent completion, or to permit, for example, that training sessions be held with managers, who then certify that their subordinates were trained. Riordan says there was also considerable discussion about the number of hours of training that should be required, as well as the broader question of whether for purposes of a compliance program the It is important for anyone heading a compliance program to try to tailor the program to specific job functions, said the OIG s Mary Riordan. number of hours is the best gauge. In other words, she said, is it better to mandate that employees receive a certain number of hours of training or is it more effective to try to tailor the training and create a system that tracks and evaluates the competency of the people who are receiving it? I don t know that there is a right answer, said Riordan. For the purposes of a CIA the OIG mandates a certain number of hours be provided, she noted. But maybe the decision could be made at a company to try to improve the quality or test the competency of the trainees, rather than hitting a specific number of hours target, she added. Riordan said this is another example of an area where the participants recommended that the OIG include CIA provisions that give companies more flexibility. One variation of the OIG s current practice, she said, might be to include specified training requirements in the first year of the CIA, and allow the company to revisit it in later years under the supervision of the monitor of the CIA. 3

4 Payment posting requirements According to Riordan, there was also considerable discussion about payment posting requirements. She noted that while the requirements of the Sunshine Act are not yet in force, the OIG has been including payment posting provisions in CIAs for several years. Generally, I think we heard that people believe these requirements are expensive and time-consuming to implement, she reported. But that is almost certainly also true of companies that are not currently under a CIA but working to comply with the Sunshine Act, she added. Participants voiced some concern about the differences between what is required by the OIG in this area and what is required under the Sunshine Act, said Riordan. While the OIG does not plan to renegotiate any current CIAs as a result of the Roundtable, she said, the OIG realizes the differences between the two mandates. Riordan said it is the OIG s intention that the definitions of payments for purposes of CIAs be consistent with the definitions under the Sunshine Act, once the regulatory definitions are finalized. In our CIAs, we explicitly reference the statutory and regulatory definitions, she said. We have the same carve-outs from our definition of payments that will exist under that statute and the regulations. Riordan said much of the issue in this area turns on the OIG s requirement that companies post information about payments to doctors on their website in the form of quarterly and annual postings. She indicated that the OIG recognizes that its requirements in this area are more extensive than the Sunshine Act, which requires annual posting of information. But right now we think it is appropriate to impose those additional obligations on manufacturers who are entering into settlements with us, she said. Riordan acknowledged that both regulators and the industry are in a state of flux as all sides await both final regulations from CMS and a decision from the Supreme Court about the fate of the Affordable Care Act itself. There is a fair amount of uncertainty about how the Sunshine provisions will ultimately be implemented, she said. In any case, she said, the OIG plans to continue to evaluate its CIA obligations once CMS publishes the final regulations and as companies begin to submit information to CMS for public posting. We may revisit these issues at some point in the future, she explained, but for right now we are very much in a wait-and-see mode. Compliance program structure The second general topic addressed during the Roundtable involved compliance program structure and oversight. Specifically, the participants discussed Board of Director oversight and their participation in compliance measures and compliance activities, as well as the broader concept of integrating compliance activities into the business of a pharmaceutical company. Riordan said participants were in very broad agreement that it is critical for Boards of Directors to be involved in compliance oversight and that the integration of compliance efforts into business activities materially enhances the effectiveness of compliance programs. According to Riordan, Participants were in broad agreement that it is critical for Boards of Directors to be involved in compliance oversight and that integration of compliance efforts into business activities is critical. participants offered numerous examples of how Boards of Directors are involved in compliance oversight in their own companies. She also highlighted several issues relating to Boards that arose during the Roundtable. For example, she noted that some CIAs require that Board members annually pass and sign a resolution indicating they have reviewed the company s compliance program and have found it to be effective. Participants reported that these types of requirements leave Board members better equipped to understand compliance issues. These measures also lead them to ask more questions about compliance and become involved, she added. Riordan also noted that some CIAs require that Boards of Directors retain outside compliance experts to assist them and to give them information as they undertake these resolutions. According to Riordan, participants reported that the Board s experience with these compliance experts has been fairly positive. In fact, she said, some participants suggested that Boards engage these outside experts 4

5 even if they are not required to do so under a CIA. According to the report, some participants also opined that the CIAs did not adequately account for differences in the organizational and oversight structures of companies. These differences may arise, in part, because of the national or international nature of the company (including whether there are national and/or international boards) and whether the company is publicly-traded or privately-held. Participants recommended that OIG take into account these differences and consider more flexible approaches to board training requirements, as well as flexibility in internal review organization (IRO) and compliance expert review requirements. Integration and coordination of compliance and business operations Riordan said the Roundtable discussion also devoted significant attention to the issue of integrating compliance into the business. According to Riordan, participants uniformly agreed that this greatly increases the effectiveness of a compliance program. Here too, she said, the agency heard a broad range of recommendations about how individual companies might accomplish this integration. One of the take-aways was that very often compliance personnel are located at headquarters, she said. As a result, companies rely on various types of training, communications, and field monitoring to disseminate compliance messages and activities out to the field. To the extent possible, Riordan said, participants highly recommended that the business come to own compliance. They gave us very specific examples of how this might be accomplished, she added. For example, she said, companies might opt to educate business unit managers about compliance and then have those business unit leaders perform compliance training within their units. Riordan said participants also highlighted the need to incorporate compliance issues and viewpoints into business decision-making and business initiatives at the outset. For example, she said, if a company is about to launch a new product, it will certainly want somebody from the compliance department seated at the table as it develops its marketing plan. People recognize the definite business benefit that can come from compliance, said Riordan. People recognize the fact that there is certain data that is generated for compliance purposes that can also be used for business purposes. Aggregate spend systems are a good example of that, she added. I think we heard positive feedback from participants indicating that the aggregate spend systems and the controls around those systems were actually helping their businesses get a handle on expenditures associated with health care practitioners, she explained. Risk identification and monitoring practices The third major People recognize the fact that there is certain data that is generated for compliance purposes that can also be used for business purposes, said Riordan. topic discussed at the Roundtable was risk identification and monitoring practices. In these sessions, Riordan said, participants discussed general risk assessment, as well as specific monitoring activities that companies undertake. Most CIAs do not explicitly require that companies undertake risk assessments, she noted. However, most of the participants reported that their companies perform some combination of risk assessment activities, she added. Sometimes that is at a company-wide level, said Riordan. Sometimes that is done on a productspecific level. Sometimes it is both. Moreover, this risk assessment and evaluation takes place in many different ways within companies, she added. Riordan pointed out that the OIG s CIAs require that specific activities be monitored. Here too, participants stressed the importance of flexibility. Generally speaking, she said, participants want us to include more flexibility in terms of where they focus their monitoring activities, she said. I think this goes back to the risk assessment process, said Riordan. You want to be able to identify new areas of emerging risk through various processes within your organization and then monitor to meet those risks. 5

6 According to Riordan, this topic also included discussion of call note reviews, which most companies appear to be doing. We also talked about speaker program reviews, which I think people uniformly recognize as being important, she said. These programs sometimes create challenges, because the CIA requires live monitoring often by the compliance personnel, she said, which led to some discussion about how to stretch the compliance resources to accomplish that live monitoring. Riordan said participants also raised questions about whether CIAs could be modified to permit some type of remote monitoring of speaker programs. While recognizing the resource concerns in this area, she said, there is some question about the effectiveness of remote monitoring. Ride-alongs There was also considerable discussion about ride-along activity, said Riordan. Essentially, we heard mixed reactions about the ride-along requirement, she said. Our CIAs generally require that compliance personnel ride along with sales representatives in the field, she explained. What we heard was that those kinds of ride-alongs are not generally leading to instances where the compliance person might see the sales representative doing something wrong. Nevertheless, some participants saw a considerable benefit in this activity, she said, because it opens a line of communication between compliance personnel and sales reps in the field. In short, ride-alongs help compliance personnel understand the daily realities and experiences of sales representatives, while helping to foster a productive relationship between those two functions, she said. Riordan said the OIG also heard from some participants that they would like CIAs to allow for more flexibility, but also to increase these kinds of relationship-building activities. I think that is something we will certainly think about for other future CIAs, she said. Riordan also noted that while most of the OIG s CIAs do not explicitly require that supervisors of sales representatives conduct the ride-alongs, participants reported rather uniformly that companies are doing this, regardless. She said the feeling is that having business manager ride along with the representative is very effective and consistently yields good information for both compliance purposes and business purposes. Riordan said the OIG also heard from some participants that their companies incorporate compliance metrics into these ride-alongs with the expectation that district managers or other business supervisors can then report and correct improper behavior when they see it. Riordan said she was surprised to learn that companies receive requests from senior-level management, and sometimes even Board members, to accompany sales representatives on ride-alongs or to participate in national sales meetings. She said this illustrates the fact that senior-level managers and some Boards members are looking for opportunities to better understand what takes place in the field, because it is such an important part of what drives the pharmaceutical business model. Management certifications Riordan also briefly noted that CIAs now routinely require that, in addition to having certifications from the compliance officer, companies must also get certifications from senior-level managers in certain key areas, most notably sales and marketing. We heard from the participants that they really favor the inclusion of these kinds of provisions in CIAs, she said. Similar to the Board of Director s requirement discussed above, these requirements lead to a deeper level of management involvement in compliance activities, she said. Policies, Procedures, and Training Activities The fourth main topic discussed was the very broad subject of policies, procedures and training activities. With regard to policies and procedures, she said, the focus was largely on the processes and triggers for developing and revising policies, as well as the accessibility and formatting of those policies and procedures. This is We heard mixed reaction to the ridealong requirement, said Riordan. However, some Roundtable participants said they saw considerable benefit in this activity. another place where people were in very broad agreement about the need to integrate compliance into the business, she said. Virtually everybody told us that business unit personnel and other affected 6

7 stakeholders really have to participate in the development and revision of policies and procedures, she explained. Otherwise, you are going to potentially end up with a policy or procedure that may sound good on paper, but does not make sense in practice. Riordan said the participants also discussed possible triggers to alert companies of the need to develop a new policy or revise a policy. Obviously, she said, companies will need to produce new policies and procedures if there is some change in legal requirements, if they identify some new risk area, possibly through an internal investigation, or because they identify new topics in the last big settlement. Riordan said companies might also use their disclosure programs (or questions raised to compliance personnel) to signal areas that might need to be addressed through a policy revision. We also heard that some companies proactively engage on a routine basis in an evaluation of their policies to see whether the policy still makes sense or needs to be revised, she added. According to Riordan, all sides agreed that policies and procedures have to be accessible to employees and must be provided in a useful format. As a result, she said, there was considerable discussion about using technology to make policies usable and accessible. People talked about developing compliance applications and using specific web-based compliance resources to make this information available, she added. The Roundtable participants also emphasized the need to make this information available in various formats, she said, as well as the importance of creating a process by which sales representatives and others can ask questions and promptly get answers. For example, she said, some companies pointed to the use of electronic mechanisms through which their sales reps might text or questions and then quickly get answers to those questions. The OIG also heard about some companies that collect those questions and answers and post them in a place on the website that is accessible to everybody. It is likely that if one person has a question about a particular topic, others may as well, she observed. Promoting effective training With regard to training, Riordan said, the emphasis was largely on the notion of effective training. There was uniform agreement that the training must be tailored to specific job functions. People found that it was very helpful to include real-world examples in the training she explained. Riordan said that participants talked about the utility of having business unit supervisors provide training in their organizations. They also discussed creative ways to conduct training, including role-playing and games, as well as the use of a virtual classroom for people not located in headquarters. According to Riordan, there was a fair amount of discussion about particular challenges associated with training contractors. For example, she said, the OIG heard about the unique challenges associated with training employees of vendors who may be providing services to more than one company that is operating under a CIA. Riordan said the OIG heard suggestions that it should develop some baseline training or approve baseline training in this area. Companies could then certify that the employees of their vendors had this training, which can then be used to satisfy the CIA requirements. That is something else that we are going to certainly think about as we move forward, she said. Compliance post-cia The fifth broad topic discussed by the Roundtable involved compliance activities after a CIA is completed. In this session, Riordan said, the discussion in this area revolved around what types of compliance measures the participants expected would continue after the term of the CIA had expired, as well expected future challenges in the area compliance. The OIG heard Riordan said participants expressed broad agreement that management certifications are valuable and would likely be continued once the term of CIA was completed. about the usefulness and utility of certifications from managers and Board members, as well as the importance of Board involvement, she said. Riordan said participants expressed broad agreement that management certifications are valuable and would likely be continued even after the term of their CIA was completed. They also 7

8 predicted that their Boards of Directors would be very substantively involved in post-cia compliance programs, she added. According to Riordan, the OIG also heard a lot about the value of training. The primary question in this area, she said, was about whether training should be determined by a specified number of hours or whether it should be more qualitative in nature. Participants also recommended that disclosure programs be continued, because this is a good way to allow employees to raise compliance issues. More broadly, she said, people thought that having a disclosure program really plays a role in measuring and ensuring compliance. The participants also uniformly agreed that it is important to continue field-based monitoring activities, said Riordan. But the participants hoped there would be more flexibility in terms of future field monitoring, she added. Companies likewise expect to continue ride-alongs with sales representatives, said Riordan. But they may be fewer in number in the future and/ or focused more heavily on what are deemed to be emerging risk areas. Finally, the Roundtable discussed IRO-type reviews, she said, with most companies suggesting that having an outside reviewer examine certain aspects of the business would likely be continued after a CIA, but on a less frequent and more focused basis. In general, Riordan said, the participants considered it a good idea to bring outside people in to look at certain issues, but that IROs cost a lot of money and that some of that benefit could be recognized by using internal auditing resources. Future compliance challenges According to Riordan, participants also discussed what are likely to be the biggest compliance challenges in the future. Here, not surprisingly, we heard that one of the biggest challenges facing everybody are changes in regulatory and other requirements, she said. As noted above, many participants discussed the Sunshine Act requirements and similar state law reporting requirements, as well as the difficulty of staying abreast of these requirements and then meeting what could potentially be conflicting requirements. Social media and technology were identified as areas of growing area of concern, said Riordan. You can control your own websites, but what people say about your products on social media websites is much harder to keep track of, she said. This is an area where participants uniformly wanted more guidance from the government and thought that was very necessary. According to Riordan, other areas of concern included changing business models around the world, downsizing at many companies, and changes in the way sales representatives interact with healthcare practitioners Some participants also talked about the fact that their companies are now starting to outsource more tasks., said Riordan. She said this includes everything from research and development to certain sales and marketing functions. I think everybody understands the need to maintain flexibility in the face of these changes, she said. Think broadly On the subject of flexibility, Riordan encouraged the Disclosure Summit attendees to think broadly about ways that transparency and disclosure come into play within their organizations. While everybody is currently focused on aggregate spend issues, I think it is also important to think about transparency and disclosure more Riordan encouraged attendees to think broadly about how transparency and disclosure come into play within their organizations. broadly, she said. Riordan said this includes consideration of how sales representatives interact with doctors, as well as whether they are giving truthful complete non-misleading information. Riordan said the same types kinds of questions can be asked about the publication of research results and educational activities. For example, companies should determine if there is transparency around the educational activities the company is funding and what involvement the company may have in some of these activities, she asked. We in the OIG have been stressing the importance of transparency and disclosure for many years in many ways, she concluded. The industry is definitely moving in the right direction, but I think we all also recognize that there is a lot of work to be done. 8

9 OIG enforcement OIG Senior Counsel highlights traditional and non-traditional risk areas At the recent Pharmaceutical Regulatory and Compliance Congress in Washington, D.C., OIG Senior Attorney Mary Riordan s discussion of the OIG s new Work Plan and enforcement priorities was ranked by attendees as the most useful address. Riordan said the OIG s Work Plan is a great outline of the OIG s intentions for the year, as well as a good road map for people to think about in terms of potential compliance risks. Here are the specific items that she highlighted, along with her recommendations regarding compliance: NEW AREAS OF REVIEW Physician-owned distributorship issues. One new item highlighted by Riordan involves physicianowned distributorships (POD), which are business arrangements in which physicians may own medical device distributors that may be the source of the devices the physicians, in turn, use in surgeries in hospitals and other settings. Currently, PODs seem to be focused in the surgical areas and involve primarily orthopedic implants, such as spinal implants and joint implants, she said. However, PODs also appear to be growing quickly in other areas such as cardiac implants, she added. Due to concern that Congress expressed to both the OIG and CMS about PODs, one of the agency s new Work Plan items is to review these entities in the context of spinal implants that are purchased by hospitals and used by the physicians who may be part of these PODS, she said. Reviews of entities that do not enter CIAs. Another new area highlighted by Riordan involves situations where entities settling fraud cases were not agreeable to entering into a corporate integrity agreements (CIA). In these instances, the agency may conduct audits or evaluations of entities that refuse to enter CIAs, she said. CIAs allow for an ongoing dialogue between the company and the OIG, she explained. If we don t have a CIA, we may feel the need to look into those practices in a different way with our audit resources or our evaluators. ONGOING AREAS OF REVIEW Riordan said the OIG will also be looking at a number of more traditional areas of review that have been included in prior Work Plans. Many of these are focused in the drug pricing arena. Part B drug issues. Riordan said the OIG s scrutiny of Medicare Part B will include many of the pricing comparisons the agency has done in the past, such as comparing Average Sales Price (ASP) to Average Manufacturer Price (AMP), and other price points. We will again look at uses of particular drugs that are reimbursed under federal healthcare programs, said Riordan. In particular, she said, the agency plans to look at Medicare payments for drugs and biologics that are used on an offlabel basis in the area of oncology. The agency also plans to examine the extent the offlabel off-compendia On the Medicaid Drug Rebate side, we are planning quite a bit of work, said the OIG s Mary Riordan. uses of medications that are billed to Medicare and Medicaid and the extent to which listings in compendia support the coverage of those products. Medicaid drug rebate issues. On the Medicaid Drug Rebate side, we are planning quite a bit of work, said Riordan. She said this will include audits of manufacturers to examine the methodologies they use to calculate AMP and Best Price, particularly in light of some of some of the changes to the definition of AMP that have been included in recent legislation. The agency will also attempt to determine whether manufacturers are timely in submitting their required information, she added. The Deficit Reduction Act (DRA) and the Affordable Care Act (ACA) imposed new requirements on manufacturers in terms of paying rebates related to authorized generics and to new versions of existing drugs, she noted. 9

10 Part D issues. On the Part D side, the OIG will be looking at annual changes in prices for brand name prescription drugs, the safety and efficacy of Part D drugs, and rebates that drug manufacturers pay to Part D sponsors and PBMs, said Riordan. The agency will also examine potential conflicts within the P&T Committees of Part D plan sponsors to determine how these conflicts are disclosed and addressed. FDA issues. The OIG also plans to examine some FDA issues, including the 510(k) approval process, said Riordan. That work is ongoing and we expect to issue a report this year on those issues, she reported. The OIG will also look at the extent to which the FDA ensures that drug companies are complying with the Risk Evaluation and Mitigation Strategy (REMS) program for high-risk drugs, she added. WHAT DOES THIS MEAN FOR PHARMA? Here are some of the specific action items suggested by Riordan: Pay attention to PODs. Riordan s first recommendation to drug companies was to pay attention to PODS and to attempt to determine whether they are engaged in any arrangements with physicians who may have ownership in any of the PODS. If your company is involved in those arrangements, you should check those to make sure they are compliant with the requirements of the Antikickback statute, she cautioned. Pay attention to drug price reporting and calculation issues. Drug manufacturers should also pay attention to drug price reporting and calculation issues, said Riordan. I know this side of compliance activity is not always the most exciting, she said. But there is a lot going on in this area and I think it is probably worth some compliance-related focus over the next year or so. Report information in a timely fashion. Another step that companies should take is to make sure they are reporting timely information, said Riordan. There is no reason to be late and to then be subject to civil monetary penalties, she said. Review methodologies for calculating AMP and Best Price. Riordan also recommend that companies review their methodologies for calculating AMP and Best Price to make sure they are sound and legally compliant with the new obligations imposed by the DRA and the ACA. This is an issue the OIG will be looking at, warned Riordan, adding that she still sometimes sees new False Claims Act cases where relators allege that manufacturers failed to include the appropriate transactions in their calculations of AMP and Best Price. Pay attention to rebates. I would definitely pay attention to your rebate practices, said Riordan. Make sure you are paying the rebates for the authorized generics and on the Medicare Part D side. Examine price setting practices. Finally, Riordan advised companies to look at their price setting practices and make sure they understand the reimbursement benchmarks that may be used for purposes of federal healthcare programs. As I mentioned, I think a number of states will be moving away from AWP and using some other type of benchmark, she said. You should be aware of what those are and to the extent that your company is affirmatively reporting pricing Riordan advised companies to look at their price setting practices and to make sure they understand the reimbursement benchmarks for federal healthcare programs. information that is used for setting reimbursement you need to make sure that those submissions are complete and accurate. DRUG PRICING AND REIMBURSEMENT ISSUES Average Wholesale Price. Riordan also highlighted some of the work the OIG has done related to drug pricing and drug reimbursement issues. In June, she noted, the OIG issued a report relating to the potential replacement of Average Wholesale Price (AWP) as a pricing benchmark for state Medicaid programs in setting their reimbursement for prescription drugs. Riordan pointed out that First Databank, one of the major publishers of AWP, indicated that as of 10

11 September 2011 it planned to stop reporting AWPs. When the OIG surveyed the states to ask them what replacement benchmarks they plan to use, she said, the answers were all over the map. Some have specific plans while others did not, Riordan reported. I think this issue of pricing benchmarks will continue to be important on a going-forward basis, she cautioned. Rebates. According to Riordan, the issue of rebates including the possibility of additional rebates on the Medicare Part D side will be important on a going forward basis as the dialogue continues about the Medicare Part D program. For example, when the OIG examined increases in prices for brand name drugs, it found substantial increases in those prices, she said. But the agency also found that those price increases were substantially offset by rebates that had been paid under the Medicaid Drug Rebate program. The OIG then looked at the net cost to the Medicare Part D program, which has a different rebate mechanism, and found that higher rebates in the Medicaid Drug Rebate program led to lower overall costs for Medicaid when compared to the costs on the Medicare Part D side. All of these areas are illustrative the type of drug pricing issues the government will continue to scrutinize going forward, she said. ENFORCEMENT ISSUES On the whole, the enforcement picture offered by Riordan mirrors the OIG s Work Plan with several new issues added to a broad array of ongoing issues. I think generally in terms of law enforcement activities we will continue to see more of the same kinds of issues we have seen recently, she said. For example, she predicted a continuing an increased focus on administrative actions and potentially criminal actions against individuals. When the OIG discusses the settlement of a case that includes a criminal component it now routinely considers whether any individuals should be held accountable through the exclusion process, she said. Riordan said she also expects to see a large number of cases involving allegations about improper promotion of products for uses that are not approved and/or not covered by federal healthcare programs. But she added that she also expects to see ever larger numbers of False Claims Act actions that allege non-traditional allegations of fraud. Relators are becoming more creative in their allegations, said Riordan. This can include allegations that a drug manufacturer somehow lied to the FDA in the drug approval process, resulting in false claims being submitted to federal healthcare programs, she said, as well as charges that a manufacturer misrepresented information about the safety risks of their products. The Justice Department and the OIG always carefully consider the allegations of any complaint before making an intervention decision, said Riordan. But I can tell you that relators are including nontraditional types of allegations in their complaints, she cautioned, so you should keep those in mind and be prepared to potentially talk to the government about those issues. RECENT TRENDS IN CIAS Riordan said that several recent trends in CIAs are likely to continue. We will continue to try to hold individuals accountable both at the Board level and at the managerial level, she said. For example, recent CIAs have required a much more active involvement by Boards of Directors, including regular meetings or updates about the compliance activities, she noted. More recent CIAs are requiring specifically that Board members get general training about compliance and get specific training that addresses the responsibility of Board members and corporate governance issues, she added. For a number of years, the OIG has also required Board members to sign resolutions indicating that they have reviewed the compliance program and find it to be effective, Riordan noted. If they can t make that representation, we ask them to explain to us why that is, she said. Relators are becoming more creative in their allegations, said Riordan. This can include allegations that a company lied during the drug approval process. The OIG has also been requiring different levels of certifications from people other than the compliance officer to include managers in key areas of the organization, such as the sales and marketing, she added. 11

12 According to Riordan, all of these measures are designed to reinforce the notion that it cannot simply be the responsibility of the compliance officer to ensure compliance in a large organization. The OIG firmly believes there must be buy-in from the top, she said, but companies must also ensure that people at all levels of the organization are embracing compliance. CIAs will also continue to require certain transparency elements, such as disclosure of payments to physicians, she said. COMPLIANCE RECOMMENDATIONS Riordan said that companies that do not currently have a wide-ranging risk assessment and mitigation program in place should consider establishing that type of program. It is very important to keep a big picture view of the activities of your company, she explained, and then to try to identify particular areas of risk. It is easy to get lost in the day-to-day operations of compliance and to be focused on something very specific, such as speaker programs, she added. But I think you also need to step back and think about other ways that your organization might be interacting with the broader community in conveying information about your products. As part of their effort to identify and mitigate risk, companies should consider creative and effective auditing techniques, said Riordan. For example, one challenge that all companies face is how to evaluate and keep tabs on what happens with field sales representatives. During a recent site visit at a pharma company, she said the discussion turned to ways the compliance department was able to use much of the information that it already had for other purposes to help get a view of what was taking place in the field. Riordan said that companies would be wellserved to consider a combination of techniques to review field activities, such as reviewing s, call notes, sample requests, and medical information requests, either for particular sales reps or particular regions as a way to get a handle in fairly real time of what is going on in that part of the organization. Riordan said compliance officers should also think about non-traditional ways their companies may be interacting with customers or decisionmakers about their products. For example, one issue that recently surfaced for the OIG is questions about a company s interactions with state Medicaid payors or PBMs operating on behalf of those payors. As a compliance officer, you should have a handle on what those interactions and activities are, she said, and to see if there is an effective way to try to monitor that. Riordan said companies should also pay attention to communications and arrangements that it may have in place with drug compendia, such as Drugdex, which is Riordan said that companies that do not currently have a wide-ranging risk assessment and mitigation program should consider establishing one. such a fundamental part of the coverage decision for federal healthcare program requirements. In short, she said, compliance officers must try to stay informed about the various activities their companies are engaged in, both traditional detailing sessions and less traditional venues. Be creative and try to think proactively about how you can mitigate risks in those areas and how you can effectively monitor those areas, she advised. Upcoming CBI conferences Life Sciences Congress on Global Anti-Corruption Programs and FCPA Compliance June 12-13, 2012 Washington, DC 8th Annual Medical Device and Diagnostics Compliance Congress June 13-14, 2012 Washington, DC 3rd Annual Social Media Forum Regulations and Compliance June 19-20, 2012 Washington, DC 6th Annual Forum on Sunshine, State Laws and Aggregate Spend August 14-16, 2012 Washington, DC 12

13 Guest commentary Be Proactive and Create a Culture of Compliance: Connecting the Dots between NASA and the OIG By Wendy Heckelman, PhD and Christina Garofano, PhD At the Pharmaceutical Regulatory and Compliance Congress and Best Practices Forum in Washington D.C., OIG Senior Counsel Mary Riordan and former astronaut Richard Mullane spoke on different topics. Riordan delivered an OIG update and Mullane talked about causes and lessons learned from NASA disasters. Although these were very different talks there was a fundamental connection between them that can guide companies to create a culture of compliance and avoid costly fines and prosecutions. Riordan gave the audience a summary of recent OIG actions, areas of focus, and predictions and recommendations. Riordan said she was encouraged by companies under corporate integrity agreements (CIAs) looking to do more than the minimum requirements and encouraged this type of proactive behavior. Mullane provided examples from the Challenger and Columbia disasters to caution biopharmaceutical companies that they need to guard against a normalization of deviance. This occurs when an otherwise good team of people deviate from best practices, and because there are no immediate consequences, they continue to do so until a predictable surprise occurs. He argued that both the NASA disasters and big corporate fines and CIAs are predictable surprises that occurred because of a normalization of deviance, which is another way of stating there was a flaw in the organizational culture of compliance. How can your company be proactive and guard against a normalization of deviance? By combining the recommendations Riordan and Mullane offered with additional best practices we have created the following list to help your company create a culture of compliance and avoid prosecutions and fines: Identify and adhere to best practices and avoid deviating from agreed to practices. Mullane stated that best practices were known at NASA but they were not followed when the group was under pressure. He stressed the importance of adhering to established best practices. For biopharmaceutical companies, this means setting explicit expectations for behavior, especially in tricky situations such as handling off-label questions, and ensuring they are followed. Perform and use risk assessment analyses to identify key areas of risk. Perform a broad risk assessment to identify your areas of greatest vulnerability and address them. Riordan noted that there are new risk areas the OIG has begun to focus on, including dealings with physician owned distributorships which could violate anti-kickback rules. Mullane also noted the importance of listening to people with the most information on an issue because they can be your canary in the coalmine and provide warning early enough to take corrective actions. Perform behavioral training to ensure behavior change occurs. Traditional compliance training focuses on knowledge of By proactively defining, training, monitoring, and following-up on compliant behavioral expectations, companies can create and maintain a culture of compliance. regulations and policies, but the normalization of deviance described by Mullane is not based on a knowledge-deficiency. It is a behavioral issue. Companies need to ensure that all employees receive regular training and reinforcement on behavioral expectations to help create and maintain a culture of compliance. Behavioral training requires that learners have the opportunity to practice and receive feedback on observed behavior. 13