CIA compliance price tag

So what is the cost of complying with a CIA over five years? Ginor says it's usually two or three times the settlement amount. GSK didn't respond to an inquiry on the estimated cost of its current CIA, but other executives with previous and current experience working under CIAs agree that roughly 80 percent of the requirements mandated by a CIA should already be happening inside of a well-run company. Given the prevalence of CIAs, though, a lot of companies still seem to need a nudge in the right direction.

In addition to internal compliance programs and teams, CIAs also require independent review organizations (IROs) to monitor and report on a company's progress. Curiously, these IROs are often the same companies—PriceWaterhouseCoopers, Ernst & Young, and Deloitte—that are already employed by pharma as business strategy consultants. IRO contracts are certainly lucrative for the contract players involved, and their intimate knowledge of the client's business, where it's headed and where it went wrong, no doubt makes the audit and reporting processes run more efficiently. But is it not, too, an obvious conflict of interest, even if "firewalls" have been erected between practice areas at these large firms? So far government hasn't raised this issue, and Riordan seemed unmoved by the question. "These companies have done a fair amount of work in this area, and have very specialized units that are focused on pharma operations," she said.

By design, CIAs are forward-looking; they exist as a way to help protect government programs from fraud, waste, and abuse. But can CIAs help push industry into the new business model they seem ready to embrace, if only the financial models can be changed? "I would say that we are constantly looking at the CIAs that we have, and what we're receiving under the reports from those CIAs, and constantly assessing what we think is effective, and what should be in future CIAs, and other things that we should not use in the future," says Demske, adding that the OIG conducted a roundtable with pharmaceutical companies to get feedback on which provisions—from an industry perspective— are most effective in promoting compliance. A report summarizing the roundtable findings was published (available at bit.ly/OIGReport), and well-established CIA requirements are weighed and discussed, including sales rep ride-alongs, physician payment disclosures, best practices for working with independent review organizations, and changing business models.

Regarding CIA compliance, "we have very few instances of non-compliance with CIAs" among major pharmaceutical companies, says Demske. "In our experience they put a lot of resources into insuring that they are in compliance...it's fair to say the pharmaceutical industry has had a good record of compliance under CIAs." Understandably so, given that monetary penalties and possible exclusion from government programs are the two primary dangers of non-compliance. If pharma could comply with the law to begin with, perhaps the OIG and Justice Department wouldn't have to come up with new provisions to prevent law-breaking in the future. Or maybe the old business model perpetuates overselling and excess utilization, and government CIAs will be one of the tools that finally helps push industry into selling on the basis of quality instead of quantity. Either way, expect the CIAs of the future to continue building on the precedent set by GSK's CIA. "Your clinical, regulatory, and compliance person is likely to be the most important person in your company over the next few years," says Ginor. "If you're director of sales increases revenues by a few million dollars, that's great. But if your director of compliance blows it, and you wind up in a CIA, you're cooked."