EpiPen® misclassification cost $1.27B over 10 years, says OIG

If the EpiPen® had been classified as brand name instead of generic for purposes of the Medicaid Drug Rebate Program, CMS would have saved $1.27 billion from 2006 to 2016, the HHS Office of Inspector General (OIG) found. This estimate is far greater than the $465 million settlement that the federal government and EpiPen’s manufacturer, Mylan Inc., entered into in October 2016 concerning the classification of the drug under the Program (see Mylan settles EpiPen Medicaid rebate dispute for $465M, Health Law Daily, October 11, 2016).

“The fact that the EpiPen overpayment is so much more than anyone publicly discussed should worry every taxpayer,” said Sen. Charles Grassley (R-Iowa). Grassley reported that CMS recently provided records showing that Mylan was made aware of the misclassification years ago but failed to act (see Federal EpiPen® spending up 463 percent, Mylan misclassified drug as generic, Health Law Daily, October 6, 2016). At the time Sen. Elizabeth Warren (D-Mass) opposed the settlement, calling it “shamefully weak” (see Warren: EpiPen® Medicaid rebate settlement shows ‘crime does pay,’ Health Law Daily, October 26, 2016).

Manufacturers generally owe a higher rebate amount for brand-name drugs than generic under the Medicaid Drug Rebate Program. The basic rebate amount for a generic drug is based on a percentage (currently 13 percent) of its average manufacturer price (AMP) (see 42 C.F.R. Sec. 447.509). The basic rebate amount for a brand-name drug is based on the greater of (1) a fixed percentage (currently 23.1 percent) of the drug’s AMP; or (2) the different between the drug’s AMP and best price. In addition to the rebate amount, manufacturers of brand-name drugs (and, beginning in 2017, manufacturers of generic drugs) pay an inflation-related rebate amount if a drug’s price has increased more than the rate of inflation.

The EpiPen controversy led Grassley to request that the OIG review the Medicaid Drug Rebate Program (see HHS Inspector General to investigate Medicaid Drug Rebate Program, Health Law Daily, December 12, 2016).

Kusserow on Compliance: OIG and DOJ raising stakes on board compliance obligations

From the days of the first compliance guidance documents from the HHS Office of Inspector General (OIG), it has called for a “top-down” compliance program, beginning at the Board level. For example, it issued a joint White Paper, titled Practical Guidance for Health Care Governing Boards on Compliance Oversight,” which emphasized holding boards more accountable for proper oversight of compliance within their organizations. Language from these pronouncements about Board obligations and use of compliance experts is now included in corporate integrity agreements (CIAs). During the 2017 Health Care Compliance Association (HCCA) Compliance Institute, speakers from the OIG discussed a number of changes in CIAs, including new mandates for Board members. The OIG believes a key factor in determining effectiveness of the compliance program is how well the Board has been meeting its fiduciary duties and responsibilities for overseeing compliance. If it finds the organization has an effective program with proper oversight by the Board, the OIG may decide that a CIA is unnecessary or mitigate terms and conditions.   However, if it finds the program is inadequate, there will be a CIA and it will include stringent requirements for the Board. Among the best practices for Boards is to include one or more members who are “compliance literate” to ask the right questions and assess program effectiveness.  A compliance-literate person is someone with experience and expertise from having been a compliance officer or a consultant to compliance programs.  Alternatively, Boards should engage compliance experts to provide advice on asking compliance officers the right questions, evaluating the answers, and determining what metrics to rely upon in determining compliance program effectiveness.  By following one or both of these steps, Boards can go a long way to ensure they are meeting their fiduciary duties and responsibilities.

The Department of Justice (DOJ) has also been ramping up to better focus on Boards meeting their fiduciary obligations in guarding against corporate wrongdoing. Its Fraud Section published “Evaluation of Corporate Compliance Programs” as guidance for compliance officers on how the adequacy of their companies’ compliance programs is evaluated by prosecutors.   They laid out a series of questions prosecutors are likely to ask in evaluating the effectiveness of compliance programs. The following highlights questions that relate to Board involvement in compliance oversight.

  • What compliance expertise does the Board have or not have to meet its fiduciary obligations?
  • How frequently does the Board meet with the compliance officer and outside experts (auditors and consultants) outside the presence of management?
  • What information does the Board receive to assist it in its compliance oversight?
  • How does the Board evaluate the compliance program effectiveness?
  • How does the Board determine resources necessary for the operation and management of the compliance program?
  • How have management and the Board followed up on identified potential problems?

Tips and suggestions for compliance officers

Compliance officers should:

  • educate the Board on its fiduciary obligations and personal consequences for not meeting them;
  • meet with the Board regularly, including in executive session without management presence;
  • ensure that the Board receives all types of relevant audit findings and remediation progress reports on a regular basis;
  • urge the Board to include one or more members who are “compliance literate” to assist in evaluating compliance program effectiveness and be able to ask the right questions; and
  • engage compliance experts to assess the program before encountering the DOJ and OIG and use results to brief the Board evidencing they are providing active compliance oversight.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

Kusserow on Compliance: More details on new DOJ corporate compliance guidelines

Previous blogs outlined the Department of Justice (DOJ) Fraud Section’s “Evaluation of Corporate Compliance Programs” guidance for compliance officers. Since then, many have inquired about getting more specific details on questions the DOJ is now using to determine the adequacy of compliance programs, particularly as they relate to management and Board oversight.  Subsequent to the publishing of the Evaluation, the HHS Office of Inspector General (OIG) at the recent Health Care Compliance Association (HCCA) Compliance Institute also reported modifying its corporate integrity agreements (CIAs) to increase accountability of organization leadership, including the Board, that follows a similar path to that of the DOJ.  With these changes in mind, the following recaps in more detail the DOJ list of “important topics and sample questions” it now uses when evaluating the effectiveness of corporate compliance programs. This 119-question resource offers great insights for compliance officers working to build and enhance their compliance programs. These guidelines have grown out of the DOJ’s hiring of Compliance Counsel Expert Hui Chen in November 2015. One thing to remember about these guidelines is that they relate to all industry sectors.  As such, they track with the U.S. Sentencing Guidelines, but don’t focus on the health care sector in the way the OIG compliance guidance documents do.

Filip Factors

The Principles of Federal Prosecution of Business Organizations in the United States Attorney’s Manual describes specific factors that prosecutors should consider in conducting an investigation of a corporate entity, determining whether to bring charges, and negotiating plea or other agreements. Commonly known as the Filip Factors, they include “the existence and effectiveness of the corporation’s pre-existing compliance program” and the corporation’s remedial efforts “to implement an effective corporate compliance program or to improve an existing one.” The guidance was formulated to evaluate compliance programs after violations have been discovered and examining the existing misconduct as the benchmark against which the compliance program will be evaluated. It focuses on testing existing compliance programs and outlining steps that should be taken when problems are discovered to demonstrate a pre-existing commitment to compliance. It is also intended to inform the public about federal prosecutors’ review of compliance programs under the Filip Factors. There were eleven highlighted topics covered, as noted below, along with tie-in with OIG guidance, and followed with types of questions that one can expect the DOJ to ask when it confronts corporate misconduct.

 1. Analysis and remediation of underlying misconduct. The OIG guidance stresses seeking out weaknesses identified to ensure they are addressed and prevent misconduct in the future.

  • Has the organization done an analysis to see if there was a systematic failure in compliance?
  • Did the company miss prior opportunities to detect the misconduct?
  • Has the company evaluated why those opportunities were missed?
  • What remediation was undertaken once a problem was discovered?
  • What specific changes has the company made to reduce the risk of a reoccurrence?

2. Senior and middle management. This tracks to the OIG call for “top-down” compliance programs beginning at the Board and executive levels and cascading down through all levels of management.

  • Did senior managers, through their words and actions, encourage or discourage the misconduct in question?
  • Has senior leadership taken concrete steps to demonstrate commitment?
  • Does the Board have access to the right expertise to help it perform its oversight function?

3. Autonomy and resources. Prosecutors look for signs of “autonomy,” such as whether compliance personnel have “direct reporting lines to anyone on the board of directors” and whether “relevant control personnel in the field have reporting lines to headquarters.” The OIG has been calling for this type of independence for compliance offices for decades, which permits unfiltered information to flow between the compliance officer, CEO, and Board. The DOJ also looks for signs of “empowerment,” such as instances where “specific transactions or deals . . . were stopped, modified, or more closely examined as a result of compliance concerns.”  With the relatively recent hiring of full-time compliance counsel at the Fraud Section, this has been a particular point of focus.

  • Does the compliance function have the right resources and stature within the company to perform effectively?
  • Was the compliance department involved in the training and decisions relevant to any misconduct?
  • Does the compliance department have appropriate independence?

4. Policies and procedures. Policies and procedures are a foundational component of any corporate compliance program, and the Compliance Program Guidance devotes considerable attention to this topic, as does the OIG in its guidance documents. As a threshold matter, prosecutors consider the “design and accessibility” of policies and procedures—including whether they are tailored to a company’s risk profile, have been effectively implemented and communicated, and have been evaluated to ensure usefulness. Prosecutors also consider the “operational integration” of a company’s compliance policies and procedures—including the adequacy of payment systems and other controls that should have helped detect or prevent misconduct.

  • Did the company have policies and procedures in place that prohibited the misconduct?
  • Has the company assessed whether its policies and procedures were effectively implemented?
  • Are key gatekeepers adequately trained?
  • Was the program properly integrated and were adequate controls put in place to detect misconduct?

5. Risk assessment. This factor relates to the OIG guidance relating to ongoing monitoring and auditing of high risk areas.

  • What methodology has been used to identify, analyze and address the risks the organization faced?
  • Does the company collect information and metrics to adequately assess risks?

6. Training and communications. As with the OIG guidance, there is considerable expectation that all covered persons will undergo compliance training on high risk areas, governing laws and regulations, and what to do when misconduct is believed to have occurred.

  • What training was in place and is it properly tailored for high-risk or control employees?
  • Is the training offered in the right form and language for the target employees?
  • How does the company communicate to employees about any misconduct that does occur?

7. Confidential reporting and investigation. Like the OIG, the new guidelines focus on the means by which employees and others may report potential wrongdoing, as well as how this information is acted upon by the organization.

  • Does the company have in place an effective way of collecting and analyzing allegations of misconduct?
  • Does the company ensure investigations have been properly scoped, conducted, and documented?
  • Did the investigation look to root causes of the misconduct?
  • Did the investigation go high up enough in the company?

8. Incentives and disciplinary measures. The OIG stresses consistent implementation of disciplinary action for wrongdoers, without regard to station within the organization.

  • Is there proper accountability, as demonstrated by discipline for managers under whose watch misconduct occurred?
  • Is the application of discipline consistent?
  • Is there an incentive program for good compliance and ethical behavior?
  • Can the company point to specific examples of actions taken (such as promotions or awards denied) as a result of compliance and ethics considerations?

9. Continuous improvement, periodic testing, and review. The OIG calls for compliance officers to ensure that there is an audit work plan that focuses on identified high-risk areas. Many of these high-risk areas are specifically identified in its compliance guidance documents, advisory opinions, annual work plans, etc.

  • What types of audits would have identified the misconduct at issue and were they conducted?
  • Did management and the board follow up on audit findings and failures? Does the company test its controls?
  • Does the company routinely update its compliance program and make sure it adequately addresses current risks?

10. Third party management. In the case of the OIG, considerable attention and concern is placed on arrangements with individuals in a position to influence the flow of business. It calls for an Arrangements Database that includes processes, policies, and monitoring of such agreements.

  • Does the company’s third party management process adequately analyze risk?
  • Are there appropriate controls with regard to third parties?
  • Does the company adequately respond to third-party red flags?
  • Has company suspended, terminated, or audited a third party as a result of compliance issues?

11. Mergers and acquisitions (M&A). This analysis focuses on due diligence and integration.

  • In the event misconduct is discovered after a merger, was proper due diligence conducted during the M&A process?
  • How has the compliance function been integrated into the M&A process?

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.

 

Kusserow on Compliance: Compliance officers should have active roles in CIA negotiations

Laura Ellis, HHS Office of Inspector General (OIG) Senior Counsel, has a reputation for managing the most difficult and complicated corporate integrity agreements (CIAs) on behalf of the OIG. At the recent Health Care Compliance Association (HCCA) Compliance Institute, she urged compliance officers not to sit on the sidelines while a CIA is being negotiated with the OIG.   They should be actively involved in all facets of negotiation and should not wait to be involved until the agreement is signed and put into effect. She reminded everyone that once the CIA is signed, the compliance officer will be the face of the company to the OIG, not the attorneys.   From years of experience, she has found attorneys negotiating terms and conditions of a CIA often don’t have the operational experience to fully understand all the implications of what is being committed to in terms and obligation. As a result, it is not uncommon for attorneys to come back to the OIG after a CIA has been executed to try to renegotiate points.   This is triggered as result of management and the compliance officer realizing what is involved in meeting the terms and condition.   Ellis stated that the OIG is not inclined to reopen CIA negotiations.  The mistake was not having the compliance officer on the front end of negotiations and present during the negotiation process.  As the CIA settlement process takes shape, the compliance officer needs to:

  • be part of the negotiations;
  • review and comment on all drafts;
  • create a basic plan from the draft to determine what it takes to meet obligations;
  • conduct a min-gap assessment of what it takes to do what the CIA would require;
  • begin work on implementation strategies; and
  • start the process to determine resource needs to meet obligations.

Ellis also made the point that attitude matters once a CIA is in place, and compliance officers should work with the monitor in an open and honest way. A positive working relationship between the monitor and the compliance officer is to everyone’s best interest.  The earlier in the process that they get to know each other, the better.

Thomas Herrmann, J.D., was previously responsible on behalf of the OIG for negotiating CIAs and providing monitors, and subsequently gained many years of consulting experience working with more than a dozen clients with CIAs and as an independent review organization (IRO).  He says that what many fail to understand is that, although the OIG is involved in the Department of Justice (DOJ) settlement process, a different OIG attorney will be assigned as negotiator for the CIA.  Once the agreement is executed, it is passed on to a different OIG attorney to be the monitor to assure compliance with the terms of the CIA.   A very common mistake is for attorneys to deal with issues handled by someone earlier in the process, or in effect, re-litigate.  This is a big mistake.  The OIG will not re-litigate or interpret decisions made by the DOJ.  At the same time, the OIG monitor is definitely disinclined to deal with issues that were or should have been addressed with the OIG negotiator.  Herrmann goes on to explains that the OIG views the organization’s legal counsel as filling an adversarial role, but once things are executed, the OIG does not want to continue dealing with the advocate.  The focus of the relationship with the OIG should be on meeting the terms of the CIA. Herrmann sees it as a huge mistake for the legal counsel to continue making arguments or try to modify terms with the monitor, as this frequently leads to aggravation of matters and creates additional problems for the organization.  The monitor wants to deal with how the organization will meet its obligations, and that means working with the compliance officer to determine how the terms and conditions of the CIA will be fulfilled.  It behooves compliance officers to get to know their monitor as quickly as possible, evidence their commitment, and exhibit an attitude to work out what it takes to get the job done.

Carrie Kusserow has over 15 years’ compliance officer and consultant experience; in fact, she was brought in to be the compliance officer to an organization under a CIA while Laura Ellis was the monitor. Her experience with Ellis was precisely what Ellis explained during her presentation.   Maintaining the focus on meeting the obligations of the agreement is very important for credibility and permits ironing out of issues. By listening carefully and responding to Ellis’ questions openly in a forthright manner, Kusserow developed a very good working relationship.  This made work easier for everyone.  Compliance officers need to listen carefully to what the monitor expresses, working as needed and then immediately following up to report actions taken. The focus must stay on getting the job done to the satisfaction of the OIG.  It is also critical that the compliance officer at all times be “straight up” and honest with the OIG.  If this is done, then a bond of trust can be developed that can iron out details that are sure to arise. This can permit seeking non-adversarial clarification of terms and conditions. On the other hand, failing to develop a proper working relationship with the monitor can result in lack of understanding and increased work for everyone. As such, as soon as the CIA is signed, the compliance officer should come into direct contact with the OIG monitor.

Suzanne Castaldo, J.D., has worked both as a litigator and compliance consultant dealing with numerous organizations with CIAs. She confirmed what Ellis noted about attorneys negotiating with the OIG without active involvement of either management or the compliance officer. In almost every case, it has created avoidable issues.  She strongly recommends that anyone engaging a law firm to assist with CIA negotiations insist on including knowledgeable members of management and the compliance officer in all meetings with the OIG.  All terms that are being negotiated should be reviewed and assessed by them to understand all implications and resulting work obligations. Many attorneys will not find this to their liking and may argue against it.   However, not being part of this process reminds one of “arriving at the dance after it is over.”

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on Google+ or LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2017 Strategic Management Services, LLC. Published with permission.