Now more than ever, regulatory compliance is becoming strategically significant for Big Pharma. Compliance now requires coordination
not only across companies on a global level, but across departments, including regulatory, legal, marketing, information services,
human resources, and more. The burden of compliance for industry is underscored in the Office of the Inspector General's 2012
fiscal year projections; OIG's involvement in healthcare fraud and abuse activities led to a recovery of $3.8 billion in fiscal-year
2010, exceeding the target goal of $3.4 billion. It's all hands on deck to create an industry of trust and transparency, all
built around a "compliance culture." To help companies plot a new course, Pharm Exec surveys the landscape and highlights current trends that promise to raise the stakes on compliance even further in the year
ahead. The key point is to discover what it takes to not only observe the letter of the law, but to stay one step ahead of
it—all from a global perspective.
Getty Images / Jason Edwards
"Proactive compliance is more than simple data collection," says the new white paper "Federal and State Sunshine Act Compliance
Readiness," by Alliance Life Sciences. "It is about comprehensively protecting and enabling your business to mitigate risk
and address regulatory requirements, while increasing efficiencies and reducing cost." Certainly, advice such as this is applicable
across the board, concerning compliance around the Sunshine Act, off-label marketing, and other compliance challenges today.
"Inside the pharmaceutical industry, compliance has grown. Compliance needs to assist the business units in operationalizing
the legal and regulatory requirements and still have the business be able to do what it has to do," says John Oroho, executive
vice president of Porzio Pharmaceutical Services, a subsidiary of the law firm Porzio, Bromberg, and Newman. Porzio Pharmaceutical
Services advises companies on how to comply with current regulations in the industry. "Compliance officers have taken a more
significant role in companies, and the compliance departments have gotten bigger because it is necessary for companies not
only to understand what the requirements are and to operationalize them, but then you've got to show them that you are adhering
to those best practices and adhering to the regulatory requirements," he says.
The Sun(shine Act) Will Come Out Tomorrow
By this point, pharma should have all its ducks in a row when it comes to gearing up for the Sunshine Act. However, even though
pharma was initially required to begin reporting physician payments as the law stipulates by Jan. 1, there may still be some
pitfalls to avoid.
"When the Sunshine Act was proposed, pharma supported it because it was going to give some uniformity to what had been a hodgepodge
of different requirements state to state," explains Oroho. This means that as of Jan. 1 pharma would have had to track financial
interactions with physicians and teaching hospitals. And on March 31, 2013, the first report of these interactions (anything
over $10) will have to be reported by pharma to Health and Human Services (HHS). HHS then has until September 30, 2013, to
make that information available to the public in an easy-to-use, searchable website.
Now for the bad news: the specifics on how drug and device makers are supposed to submit info on payments to physicians—specifics
that were supposed to be delivered by the Centers for Medicare and Medicaid Services (CMS) on October 1, 2011—were not released
until December 15, 2011. The October 2011 deadline would have given pharma companies 90 days to digest the specifics of the
regulations before they began tracking spending information on Jan. 1; specifics that, one could argue, are essential to know
and understand in order to know exactly what to start keeping track of.
In light of the passing of the October 2011 deadline and the continuing absence of specifics from CMS and HHS, a letter was
drafted from BIO, PhRMA, Consumers Union, AdvaMed, Community Catalyst, and Pew Health Group to HHS on October 25, 2011, requesting
that the Jan. 1 deadline be extended.
"Delays in establishing procedures for the submission and public reporting of the required information will make it increasingly
challenging for manufacturers to know whether they are meeting their statutory obligation as they begin to collect data in
2012. Given that Congress intended that industry have three months to complete implementation based on the government procedures
following the October 1, 2011, statutory date to implement the new provisions, we request that a similar time period be permitted
following establishment of final procedures for the submission and public reporting of 2012 information for companies to achieve
full compliance," the letter reads. "An absence of established procedures could harm both the companies who are trying to
comply with the law and the public who stands to benefit from increased transparency of these relationships."
The finally-released guidelines acknowledge the delay in this way: "Due to the timing of the publication of this notice ...
a final rule will not be published in time for applicable manufacturers and applicable GPOs to begin collecting the information
required ... on Jan. 1, as indicated in the statute. We will not require applicable manufacturers and GPOs to begin collecting
the required information until after the publication of the final rule ... We seek comment on the amount of time [needed]
following publication of the final rule in order to begin complying with the data collection requirements ... We are considering
a preparation period of 90 days, since we believe this was the time period intended by Congress ... and [we] are requesting
comments on whether that is a sufficient amount of time." Comments are being accepted through Feb. 17 of this year.
Clearly, Jan. 1 has come and gone, with the promised CMS guidelines turning up only weeks before the new year—and the show
must go on. In the absence of timely guidelines, Oroho advises the Jiminy Cricket mentality: Let your conscience be your guide.
"What you're trying to do with compliance is influence behavior so that people do it just because it's the right thing," he
says. "If people are acting on a values-based proposition, rather than doing it so they don't get caught or penalized, you
will have less improper behavior. I look at compliance as being the conscience of a company."