What do compliance professionals that have been under a Corporate Integrity Agreement (CIA) come away with after the experience? A Government-Industry Pharmaceutical Compliance Roundtable convened by the Office of Inspector General (OIG) of the Department of Health and Human Services (HHS) on February 23, 2012 provided an opportunity for OIG to get such feedback from compliance professionals (participants) in the pharmaceutical industry. OIG said that it will consider the participants comments as it evaluates provisions for future CIAs.
A goal of the Roundtable was to identify compliance measures participants found effective and for OIG to share these with others within and beyond the pharmaceutical industry. Although the compliance professionals did not always share OIG’s view about certain aspects of CIAs, OIG said that the participants offered valuable feedback about specific CIA provisions and compliance activities. Although five topics were discussed by the participants and OIG representatives in small breakout sessions, only the fifth topic, Compliance Post-CIA, will be discussed in detail.
Topic 1: Challenges in Implementing CIA requirements, which included discussions on the definition of “Relevant Covered Person,” the deadlines for the initial implementation of CIA requirements, training requirements, the health care provider notice letter, payment-posting requirements, and working with Independent Review Organizations (IROs). Participants expressed concern in identifying Relevant Covered Persons and meeting CIA deadlines noting that time frames were too short to allow for effective development of company-specific policies, procedures and training materials.
Topic 2: Compliance Program Structure and Oversight, which focused on boards of directors’ oversight of, and participation in, compliance-related activities and integration of compliance activities into business functions beyond the compliance department. Participants uniformly agreed that it is critical for boards of directors to be involved in compliance oversight and that the integration of compliance efforts into business activities materially enhances compliance effectiveness. Participants reported that these requirements lead board members to better understand compliance issues and ask more questions about compliance and their own potential liability.
Topic 3: Risk Identification and Monitoring Activities, which focused on risk-assessment processes and methods by which companies conduct internal monitoring. OIG noted that while most CIAs do not explicitly require companies to engage in a specific process to identify compliance risks, most participants indicated that their companies routinely engage in a variety of risk-assessment activities. Participants commented on various types of monitoring activities and recommended that CIAs allow for increased flexibility with regard to required monitoring activities.
Topic 4: Policies, Procedures, and Training Activities, in which insights were offered on the development and dissemination of policies and procedures and training activities at their companies. Participants raised the concept of competency-based training and requested more flexibility in developing and implementing training.
Topic 5: Compliance Post-CIA, in which participants identified CIA-required compliance measures that they would recommend their companies continue after the term of the CIAs. According to the report, most participants expected their companies to continue a number of compliance activities following the conclusion of the CIA. Participants predicted, however, that their companies would tailor these measures to the companies’ risks and priorities.
Compliance Measures Recommended to Be Retained
Certifications and board involvement: Participants agreed that management certifications are valuable and would likely be continued because the certification process promotes compliance throughout the company and generates personal accountability for compliance. Participants also predicted that boards would continue to be substantively involved in post-CIA compliance programs and that such involvement would be vital.
Training and disclosure programs: Participants indicated that their companies would continue training efforts but would make the training more flexible and tailor it to their companies’ current risks and values likely emphasizing the quality of training over the number of hours of training. Participants recommended that disclosure programs be continued because they permit employees to raise compliance issues and underscore that every employee has a role in ensuring compliance.
Field monitoring: Participants expected their companies to continue to monitor field-based activities after their CIAs ended; however, the monitoring likely would become more flexible to focus on current risk areas.
IRO-type reviews: Participants anticipated that their companies will continue to rely on external parties such as IROs to conduct reviews on a limited basis for special projects and work related to current risks. Some participants believe that internal audits would be equally beneficial.
OIG asked participants to predict the biggest compliance risks likely to face their companies and the industry in the next 5 years. Anticipated challenges include the following:
Changing regulatory and other requirements: The biggest compliance challenge identified was staying abreast of changing requirements and regulatory complexities, especially in the area of transparency. An example would be the requirements related to the Patient Protection and Affordable Care Act sunshine provisions and the analogous, but different state reporting requirements. Other challenges participants’ companies face are associated with new government requirements, including those related to accountable care organizations.
Social media and technology: Participants also identified growing future challenges associated with information about products found on the Internet, including on social media Websites. This includes information posted by manufacturers as well as other information found on the Internet. Participants were concerned with the lack of clarity and guidance in these areas and expressed a desire for additional guidance from the government.
Changing business models: Participants noted challenges associated with adapting to future changes in their companies and the pharmaceutical industry. Such challenges include ongoing changes in the interactions between their industry and health care providers; increased outsourcing of certain functions such as promotion and research and development; and finding qualified staff to undertake compliance activities.
OIG hoped the report would be useful to providers outside the pharmaceutical industry as they seek to enhance their own compliance programs.