Compliance and Reporting The Case for a Single System

Pharmaceutical companies are awash in a sea of compliance regulations that affect their business operations both inside and outside the US. This August, one more compliance wave will crest when the Physician Payments Sunshine Act (PPSA) begins requiring pharmaceutical companies to track and report virtually all payments to health care providers (HCPs). Outside the US, payments to foreign nationals are tracked to make sure they don’t violate The Foreign Corrupt Practices Act (FCPA). Failure to comply with these regulations can lead to serious financial penalties, criminal prosecution, and damaged corporate reputation.

Typically, pharmaceutical companies might comply with these two initiatives (PSSA and FCPA) by creating separate teams, each with its own applications for data capture and compliance processing. Unfortunately, creating a new IT system for each set of regulations leads to faulty data, more work for compliance personnel, and needless costs for system development.

To create meaningful global compliance programs, pharmaceutical companies should instead build solutions on single platforms that integrate with accounting and other management systems, automatically route investigative work tasks, and compile information for reports.

Let’s take a closer look at PSSA and FCPA, and how pharmaceutical companies can create a stronger compliance programs, reduced violation risk, and simplified systems with less investment.

The Physician Payments Sunshine Act (PPSA)

Beginning on August 1, 2013, PPSA requires all drug, device, and medical supply companies operating in the US to report any payment or benefit given to a HCP.

Compliance with PPSA presents challenges because HCP payments are usually recorded in different systems – meals and small expenses through expense reporting systems, unrestricted research grants through medical affairs systems, and honorariums for speaking through marketing event management systems.  Simply linking these systems to reconcile the data can be difficult when the HCP lists are not coded similarly and other data may be complicated because of individual exceptions

To comply with PSSA, companies must be able to trace any payment above $10 to HCPs.  Theoretically, the simplest way to do this is to capture the amount spent from the system that recorded the business transaction, event, or activity.  While that’s simple in concept, it becomes a challenge across disparate systems.

For example, consider a pharmaceutical marketing event with several international health care providers as featured speakers.  The speakers will be paid honorariums, so each needs to be vetted through a compliance process.  But that process only guides the organization as to whether or not those providers should be offered a contract to speak.  Separate tracking determines whether they actually spoke at the event and earned their honorarium.  Tracking likewise must occur for all attendees because a free lunch was provided.

Introducing entirely new systems to track PSSA information increases the burden on users, ultimately decreasing the quality of data captured and increasing non-compliance risk.

The Foreign Corrupt Practices Act

The FCPA prohibits anyone with a connection to the US from offering, authorizing, or giving “anything of value” to a foreign official in order to obtain an improper business advantage. In many countries with national healthcare systems, any facility that provides healthcare, services, or treatment operates under the purview of the respective government can be seen as a government agency, and its employees can be considered foreign officials.

A single $10,000 unauthorized payment to a foreign official can cost a company millions in fines and substantially more in remediation costs.  Because of some recent egregious examples of corruption and bribery, US officials have repeatedly threatened to file charges against company executives – not just their companies – for FCPA violations.

To ensure FCPA compliance, pharmaceutical companies should start with risk-based due diligence before contracting third parties.  That means examining the relevant experience a third party brings to the table, the justification for selecting that third party, and whether any possible FCPA risks exist.

Given the potential for conflicts of interest, pharmaceutical companies often outsource due diligence and investigative work.  This strengthens compliance, but makes coordination, control, and documentation retention more difficult.  Pharmaceutical companies also need a system for reporting and responding to questions and breaches in the field, including easy methods to report suspected illegal conduct.

Two Sides of the Same Coin

In many respects, the FCPA and the PSSA are two sides of the same coin. As mentioned previously, however, separate groups each with their own applications, may be charged to comply with FCPA and PSSA.  Splitting systems increases costs and decreases user compliance because of the complexity and increased manual entry workload.  What’s more, the commercial off-the-shelf (COTS) software packages typically used for compliance often require substantial modification to fit within existing processes. Maintaining and upgrading the applications is often costly.

The best solution would utilize data from existing systems, processing and pulling it out for compliance examination and reporting. A single platform must integrate with existing accounting and other management systems, to fill the “white spaces” that exist between systems where compliance information leaks out, automatically route investigative work tasks, and easily compile information for reports.  With the right platform, compliance staff can identify the logical points to collect required information and deploy a fix with maximum capture and minimal disruption.

Let’s return to our earlier example of the pharmaceutical marketing event with international attendees. The event management system is the most likely system of record for generating the data required for compliance reporting.  Unfortunately, information on who actually attended is often recorded on paper and doesn’t get into the event management system without hand re-entry.

A targeted solution to fix this gap could come from wrapping the event management system with a flexible business process management platform and mobile user interface so attendees can be tracked by checking their names off on an iPad application list.  This check-in application could be integrated with the compliance application, allowing data of who actually received gifts of value to flow without additional user input.  If travel expenses were paid, the work automation platform could integrate with a corporate travel system and pull appropriate records for PSSA reporting.

Conclusion

Many internal and external resources are involved in the FCPA investigation and compliance process, as well as PSSA tracking. Work automation platforms with built-in collaboration technologies enable staff to compile information, feedback, attestations, due diligence reports, and payment histories from multiple organizations into one secure location for review, while maintaining security and auditability.

An intuitive collaboration capability also allows investigations to be completed faster since most of the time required for an investigation is eaten up in the waiting between steps.  Making collaboration actions available on mobile devices shortens average response times that much further.  Rapid collaboration leads to faster decisions, reduced risk of improper payments, and improved response to requesters and the parties they want to engage.

By using the most efficient and innovative technological platforms, compliance officers will be able to develop multi-purpose robust anti-corruption programs as a defensive mechanism in the event of an alleged violation. Work automation platforms with social collaborative technologies enable an entirely new approach to applications, one that helps minimize compliance effort and maximize protection.

James Pierce is the Pharmaceutical Solutions Leader for Appian. He can be reached at james.pierce@appian.com