Orchestrating Compliance

Marketing and sales departments make projections quarters—sometimes years—in advance. Finance groups crunch numbers on a strict schedule. But continual shifts in the healthcare regulatory environment have made the job of compliance officers unpredictable. Traditionally, this uncertainty has led to a perception of compliance activities as invasive, particularly for product managers whose entire strategies can be disrupted when eleventh-hour kinks are thrown into their plans.

But it doesn't have to be that way. By being aware of current and pending regulatory issues—and setting an agenda upfront for how to respond—compliance officers at pharma companies can move from being one-person bands to orchestra conductors: Rather than playing the instruments themselves, they should ensure that all players are reading from the same sheet of music. This approach will allow compliance officers to anticipate the processes and hurdles their organizations will have to endure, rather than just responding to them.

Agenda Time

Two years ago, OIG released its "Compliance Program Guidance for Pharmaceutical Manufacturers." While companies have made significant progress in responding to the seven elements outlined by OIG, some aspects require more attention.

First, healthcare-law policies and procedures affect all parts of the organization. Making sure that all policies are in place and that all healthcare-law risk areas are covered can be a daunting task. Therefore, compliance officers need to collect all policies and processes across the organization and conduct a gap assessment to identify areas that are not covered, or require updating. There are typically between 12 and 15 risk areas that need to be addressed by healthcare-law policies, while the total number of policies covering all risk areas can range from 150 to 200. Policies need to be aligned and made consistent across the different areas.

Second, most companies have substantially changed their healthcare-law policies and procedures. Audits will validate whether the new policies have been adopted by the organization and whether further development and refinement of the policies are needed. In addition, companies need to document audit methodologies and findings in order to learn from past experience and reviews, and to track progress. Considering the large volume of such data, plus the need to retain information for five to 10 years, companies may choose to automate this process.

In addition to the issues addressed above, compliance officers must remain vigilant as new risks emerge. The following seven risk areas should be considered high on the agenda for the coming year:

1. Funding of CME grants

2. Payments to healthcare professionals

3. State laws

4. Clinical trials

5. Pricing

6. DTC advertising

7. International compliance

1. FUNDING OF CME GRANTS

Funding of CME programs exposes pharmaceutical companies to several potential compliance risks, including anti-kickback and off-label promotion concerns. Although addressed in OIG's 2003 "Guidance for Pharmaceutical Manufacturers," many companies still have not solidified their positions on CME-grant decision-making. Some have taken a literal interpretation of OIG guidance and have removed decision-making authority from the marketing and sales functions. Others have made different fixes to protect against conflicts of interest between their companies' promotional and educational activities. While risks are apparent, most companies have chosen to continue funding CME due to its valuable contribution toward improving healthcare.

In addition to the longstanding risks associated with CME, recent actions taken by the Senate Finance Committee show that CME remains top-of-mind with government authorities. In June, Senators Charles Grassley (R-IA) and Max Baucus (D-MT) had letters sent to major pharmaceutical companies requesting information on their policies and processes for CME-grant funding. Specifically, the senators want to ensure that CME is not "a backdoor way to funnel money to doctors and other individuals who can influence prescribing and purchasing of particular prescription medicines, including off-label prescriptions." This type of intensity of scrutiny shows that compliance officers must actively pursue appropriate policies and practices related to CME, and monitor and enforce compliance with these policies.

2. PAYMENTS TO HEALTHCARE PROFESSIONALS

Whether through speaker programs, consultant meetings, or investigator studies, pharmaceutical companies employ many healthcare professionals as contractors. These relationships are important to furthering pharmaceutical research as well as improving the knowledge base of healthcare professionals in general. Healthcare contractor relationships are governed through multiple regulations and voluntary guidelines, including the anti-kickback statute, the PhRMA Code, and others. These rules are focused on ensuring that contractor payments do not constitute inducements that could bias prescribing behavior.

In addition, the recently updated ethics manual for the American College of Physicians, the nation's largest medical-specialty society, stated that even small payments may create the appearance of impropriety and that physicians and pharmaceutical companies must take care to ensure transparency in all financial transactions. While most major pharmaceutical companies have made progress in developing consistent payment methodologies to ensure compensation at fair market value, many still struggle with implementing the policies.

Effective implementation depends on a culture change, as it will require companies to change the way they have been conducting business. The role of the compliance officer is to make sure that policies concerning payments are developed, communicated, and accepted by the business. This includes, but is not limited to, setting policies around annual and daily payment caps to physicians, developing exception processes, and educating meeting-planning companies on the new policies. As this is a high-risk area with many parts of the organization involved, auditing for adherence becomes an essential part of the successful implementation of these policies.

3. STATE LAWS

California Law SB 1765 will remain on the compliance radar in the immediate future because annual limits need to be tracked, and new policies and procedures implemented and audited. Since the effective deadline of July 1, 2005, has passed, compliance officers should turn their focus to implementing any remaining organizational changes—updating internal systems to support tracking against the limit, and developing reporting and auditing protocols to document compliance with the law. In addition, this may lead to developing stricter policies where internal systems may lack the ability to accurately track against the limit.

Prior to July 1, publications warned that advocacy groups like CALPIRG and others would be ready with various theories of litigation. In order to heed the warnings, compliance officers should consider some of the following points: Companies that have based their spend limit on the average spend on physicians may want to reconsider because physicians could be receiving more than 10 to 15 times the average spend in any given year. Simulation analysis can provide an indication of what the maximum spend per physician is.

Furthermore, companies that have set a low spend limit will need to set strict policies and procedures in order to ensure they remain in compliance. This may involve reconsideration of marketing and sales practices, such as reducing or eliminating use of premium leave-behinds in favor of informational materials, reducing or eliminating in-office meals provided by representatives, and/or reducing or eliminating speaker- and consultant-program meals. Changing policies requires the timely training of, and communication with, the sales and marketing organizations, and the auditing of actual spending to physicians to prevent companies from going over the limit.

Although Maine has delayed its initial report due date until 2007, state laws from Vermont, Minnesota, West Virginia and the District of Columbia must be complied with, despite some states (WV, DC) not yet defining their reporting periods. For some states, this will involve reporting expenditures to physicians, including gifts. Pressure against allowing gifts to physicians is also being exerted by the American College of Physicians, whose Ethics Manual recently claimed, "The acceptance of individual gifts, hospitality, trips, and subsidies of all types from the healthcare industry by an individual physician is strongly discouraged. The acceptance of even small gifts has been documented to affect clinical judgment and heightens the perception (as well as the reality) of a conflict of interest." With increasing political and industry pressure, policies and procedures will need to be revised, relevant staff trained, and regular auditing conducted to ensure that policies are being adhered to. Companies may consider establishing a specific department or group to handle the increasingly demanding state-law requirements, similar to departments established to handle government pricing.

4. CLINICAL TRIALS

There are multiple issues brewing in clinical trials. The most widely discussed is the issue of publication of clinical-trials data. Again, there is combined political and industry pressure in this area. The federal and various state governments are looking at the publication of clinical-trials data. As of July 2005, Congress has a Fair Access to Clinical Trials Act pending, and at least sixteen states introduced bills related to clinical trials in the 2005 sessions, three of which have passed (IL, ME, VA). Additionally, the International Committee of Medical Journal Editors (ICMJE) took action in September 2004 by declaring that none of the 11 publications they represent would publish any articles discussing clinical trials that were not registered. ICMJE published guidance on the issue, in May 2005.

While there are multiple potential avenues of publication available—corporate Web sites (www.lillytrials.com) or government Web sites (www.clinicaltrials.gov)—many questions remain unanswered. Pharmaceutical companies will have to decide what data they are going to publish, when, and where. The compliance officer must ensure that any policies currently in place relating to clinical trials and publication of clinical-trial data are updated as necessary. For example, publications budgets should be moved from marketing to medical, or an independent part of the organization (similar to grants), in order to avoid the implications of a conflict of interest. Financial and authorship disclosures must be robust and transparent, and include acknowledgements for contributions (editorial or other) from any pharmaceutical companies, and financial support, both to vendor and author. This will involve updating current policies and procedures, and offering training to publications' committees and vendors—for example, on the ICMJE guidelines.

5. PRICING

While government pricing and managed markets have always been major compliance risk areas, the initiation of the Medicare Part D prescription-drug benefit, which begins on January 1, 2006, will add further complexity to this area. The usual suspects of anti-kickback, false claims, and conflict-of-interest all play a role. Risk areas, such as contracting with PBMs, reimbursement support, patient assistance programs, and relationships with purchasers and formulary-committee members, will all come under more scrutiny. Compliance officers will need to be vigilant and ensure full compliance with their policies and procedures, update them if necessary, and train and educate appropriate staff on compliance issues related to the program.

6. DTC ADVERTISING

DTC advertising has been in the regulatory spotlight since its emergence as a major pharmaceutical-industry marketing vehicle. After several recent developments, this spotlight seems to be shining even brighter. In early June, citing changing consumer sentiment, BMS pledged not to promote any of its drugs with DTC in their first year after launch. Later that same month, Senate Majority Leader Bill Frist (R-TN) called on pharmaceutical companies to voluntarily restrict DTC advertising for two years after a drug is approved by FDA. Frist's statement has been met with opposition from the Washington Legal Foundation (WLF) and others, based on First Amendment concerns.

PhRMA recently established a set of voluntary DTC communications guidelines. It's clear that each company's position on DTC must be examined, and policies will have to be rewritten. New strategies might have to be considered for product launches, and the compliance officer will play a pivotal role in creating timely awareness and educating the brand teams. In addition, based on possible new guidelines and public opinion, and competitive pressures, the compliance officer might anticipate DTC changes and develop policies for the marketing teams.

7. INTERNATIONAL COMPLIANCE

Pharmaceutical companies can expect continued enforcement of the Foreign Corrupt Practices Act (FCPA) by the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ). The SEC has prosecuted several US pharmaceutical companies for violating the FCPA in Germany, Poland, and Italy. In addition, the DOJ has invoked the anti-bribery provision of the FCPA as it prohibits offering payments to foreign officials. Gifts to a physician working for a hospital in Germany are considered bribes to a foreign official because the German government employs physicians working for hospitals in Germany.

In addition, foreign governments are in the process of developing guidelines similar to OIG, and are enforcing laws similar to the Anti-Kickback and False Claims Acts abroad. As global awareness of compliance increases, there will be pressure to synchronize compliance efforts on an international level. To prepare, US compliance officers can begin this process by consulting with their international counterparts to gain understanding of the relevant issues.

Words Into Action

With an agenda in hand, the remaining question for compliance officers is: How can they take action? They should start by defining roles and responsibilities. To ensure that compliance activities are effectively orchestrated, compliance officers should ask:

• What is legal's role in policy setting?

• What is the role of marketing or sales in enforcement?

• Who is involved in auditing?

Compliance officers should convene meetings with leadership personnel across these various functions to define who plays which role. For example, a determination that corporate legal is responsible for setting healthcare law-related policy will avoid confusion and redundant efforts. After roles have been set, the next step is making sure that all parties work together toward their common goal of company-wide compliance. This involves ongoing oversight and guidance of those involved in day-to-day activities. By working closely with all involved functions, the compliance officer can ensure that everyone is on tempo and in tune.

Ultimately, for compliance to become an enduring part of an organization, it must become ingrained as a core value, not just a reactive fire drill. Consequently, a compliance officer's clearest test of success is the ability to make compliance part of company culture. This can be achieved by communicating the view that compliance benefits the organization, and does not just add an additional cost or impediment to business activities. These benefits include reduced risk of regulatory scrutiny, and improved public perception and corporate ethics. By focusing on training and collaborating closely with the business, compliance officers have an opportunity to create a new corporate value.

Andy Bender (abender@polarismanagement.com) is president, Noah Shannon (nshannon@polarismanagement.com) is director, and Judith Braun-Davis (jbraundavis@polarismanagement.com) is a compliance specialist for Polaris Management Partners.