CIA compliance price tag
So what is the cost of complying with a CIA over five years? Ginor says it's usually two or three times the settlement amount.
GSK didn't respond to an inquiry on the estimated cost of its current CIA, but other executives with previous and current
experience working under CIAs agree that roughly 80 percent of the requirements mandated by a CIA should already be happening
inside of a well-run company. Given the prevalence of CIAs, though, a lot of companies still seem to need a nudge in the right
In addition to internal compliance programs and teams, CIAs also require independent review organizations (IROs) to monitor
and report on a company's progress. Curiously, these IROs are often the same companies—PriceWaterhouseCoopers, Ernst & Young,
and Deloitte—that are already employed by pharma as business strategy consultants. IRO contracts are certainly lucrative for
the contract players involved, and their intimate knowledge of the client's business, where it's headed and where it went
wrong, no doubt makes the audit and reporting processes run more efficiently. But is it not, too, an obvious conflict of interest,
even if "firewalls" have been erected between practice areas at these large firms? So far government hasn't raised this issue,
and Riordan seemed unmoved by the question. "These companies have done a fair amount of work in this area, and have very specialized
units that are focused on pharma operations," she said.
Government enforcers: change agent or bully?
By design, CIAs are forward-looking; they exist as a way to help protect government programs from fraud, waste, and abuse.
But can CIAs help push industry into the new business model they seem ready to embrace, if only the financial models can be
changed? "I would say that we are constantly looking at the CIAs that we have, and what we're receiving under the reports
from those CIAs, and constantly assessing what we think is effective, and what should be in future CIAs, and other things
that we should not use in the future," says Demske, adding that the OIG conducted a roundtable with pharmaceutical companies
to get feedback on which provisions—from an industry perspective— are most effective in promoting compliance. A report summarizing
the roundtable findings was published (available at bit.ly/OIGReport), and well-established CIA requirements are weighed and
discussed, including sales rep ride-alongs, physician payment disclosures, best practices for working with independent review
organizations, and changing business models.
Regarding CIA compliance, "we have very few instances of non-compliance with CIAs" among major pharmaceutical companies, says
Demske. "In our experience they put a lot of resources into insuring that they are in compliance...it's fair to say the pharmaceutical
industry has had a good record of compliance under CIAs." Understandably so, given that monetary penalties and possible exclusion
from government programs are the two primary dangers of non-compliance. If pharma could comply with the law to begin with,
perhaps the OIG and Justice Department wouldn't have to come up with new provisions to prevent law-breaking in the future.
Or maybe the old business model perpetuates overselling and excess utilization, and government CIAs will be one of the tools
that finally helps push industry into selling on the basis of quality instead of quantity. Either way, expect the CIAs of
the future to continue building on the precedent set by GSK's CIA. "Your clinical, regulatory, and compliance person is likely
to be the most important person in your company over the next few years," says Ginor. "If you're director of sales increases
revenues by a few million dollars, that's great. But if your director of compliance blows it, and you wind up in a CIA, you're