Understanding the Key Challenges when Entering into a Corporate Integrity Agreement

Transcription

1 Understanding the Key Challenges when Entering into a Corporate Integrity Agreement

2 Understanding the Key Challenges when Entering into a Corporate Integrity Agreement Not long ago, Corporate Integrity Agreements (CIAs) were considered something that happened only to healthcare organizations, such as large hospital chains and big pharma companies. Today, that couldn t be further from the truth as pharmaceutical, medical device, and biotechnology companies of all sizes and product portfolios are entering into CIAs. While 2011 was considered a slow year for new CIAs (see Chart 1), based on the number of government inquiries that have been announced in the last several years, it is likely that there will be an increasing number of new CIAs announced in the near future. The Office of Inspector General (OIG) of the Department of Health and Human Services negotiates CIAs with life sciences companies and healthcare organizations to settle federal health care program investigations arising under a variety of civil false claims statutes. Companies agree to the obligations in the CIA, and in exchange, the OIG agrees not to seek the company s exclusion from participation in Medicare, Medicaid, and/or other federal healthcare programs. CIAs have many common elements, but each one addresses the specific facts at issue and often attempts to accommodate and recognize many of the elements of a company s pre-existing compliance program. Implementing a CIA While most companies have a general understanding of CIA requirements, some companies might be surprised to learn what it takes to manage the monumental task of CHART 1 Sources: Office of Inspector General of the U.S. Department of Health and Human Services ( U.S. Department of Justice ( huronconsultinggroup.com

3 Corporate Integrity Agreement incorporating all CIA requirements into a company s daily operations. Implementation of a CIA is a significant change management effort for many companies. After a CIA is finalized, the generally required 120-day implementation period begins. There are a significant number of work streams that must be simultaneously managed and requirements that must be implemented within the 120-day period. These are time-consuming activities that require more planning and resources than many companies realize. If a company waits until its CIA is signed before it begins to plan for and implement the CIA provisions, it is potentially setting itself up for an agonizing four months of organizational challenges. The more proactively a company plans for implementing its CIA the less challenging the experience will be. This paper highlights some of the key challenges companies may encounter as they begin the process of operationalizing their CIAs. It addresses many of the pertinent areas of a CIA that must be considered and provides checklists of questions that should be answered if a company is to be fully prepared for operating within the structure of the CIA. For companies not currently preparing for a CIA, the considerations outlined below provide insight into the government s expectations regarding compliance programs. Companies should consider using this information to benchmark their compliance program activities and address identified gaps or weaknesses in their policies, procedures, processes, and systems. q Who will define and identify Covered Persons and Relevant Covered Persons and make sure training is provided for these individuals within the specified window of time (generally, 120 days after the effective date of the CIA)? q Who will own the process of initial and ongoing identification of a company s Covered Persons and Relevant Covered Persons? q Who will lead the initial and ongoing identification process of Vendor Covered Persons (i.e., contractors, subcontractors, agents, and others who perform promotional functions or product related functions on behalf of the company)? q Who will determine the initial and ongoing identification of Global Employees and Contingent Workers (i.e., part-time or per diem employees, contractors, subcontractors, agents, or others)? q Who will identify sources of Covered Persons data (e.g., HR, Business, Procurement, financial systems) and compile the necessary information? WHO IS COVERED? While many CIAs have their own definitions of Covered Persons and Relevant Covered Persons, every company must define and identify the universe of people in each of these groups. Although the process may sound straightforward, it frequently is not, especially when it comes to identifying vendors and other third-parties. The more decentralized a company s contracting process is, the more challenging it may be to identify all vendors and other third-parties. Accurate identification of all Covered Persons is important because the company must provide CIArelated training and conduct required screening of these covered persons against government exclusion lists on an ongoing basis based on the specific requirement of the CIA. 3

4 CORPORATE INTEGRITY AGREEMENT TRAINING AND CERTIFICATION Generally, all persons covered by the CIA must receive at least one hour of training within 120 days of the effective date of the CIA. The training, at a minimum, must explain the requirements of the company s CIA and the code of conduct. In addition, all Relevant Covered Persons generally must receive two to four hours of specific training that is applicable to their specific job functions. This is in addition to the one-hour general training. MANAGEMENT CERTIFICATIONS Most recent CIAs require company officers and specified employees to sign certifications stating that they understand the compliance requirements and responsibilities of their positions, and attesting that those requirements have been met. The certification further states that the employee has relayed any possible instances of potential misconduct to the appropriate authorities for further review and follow-up. q Who will be responsible for managing and administering general and specific training? The training needs to be created and made available to all Covered Persons and Relevant Covered Persons so they can take the training within the required time period. q Who will be responsible for developing content? q Will a vendor be used? If so, who will select the vendor? What criteria will be used to select a vendor? q How will training be tailored to different audiences? q What is the mechanism for delivering the general and specific training (e.g., is there an electronic delivery system in place)? q If so, can the system track those who have completed training? q Can it be used to obtain code of conduct certifications? q Who will identify, notify, and train management who are certifying employees? q What is the scope of all applicable federal healthcare program and Food and Drug Administration (FDA) requirements? For example, does it include government price reporting, good manufacturing practices, etc.? q Who will identify the appropriate types and amount of information to provide to certifying employees in order to make them comfortable with signing their certifications, which are provided to the federal government as part of the company s annual report to the OIG? q Should there be sub-certifiers and, if so, who determines who they are? How far down into the organizational structure should individuals be required to sub-certify? q Who owns the process? q How will the company handle departures of certifying employees during the reporting period? q Can the system be used to train nonemployees (e.g., vendors and/or contractors)? q How will training be delivered to the company s officers and directors? How will their certifications of completion be obtained? q How will the company meet ongoing training and certification requirements for new Covered Persons (company and vendor), and new Relevant Covered Persons? 4

5 Corporate Integrity Agreement BOARD RESOLUTIONS For each reporting period of the CIA, each member of the company s board of directors must personally sign a resolution attesting that the board believes, to the best of its knowledge, that the company has implemented an effective compliance program and followed federal law and requirements, as well as the obligations of the CIA. q Who will develop an effective board resolution timeline that addresses the entire reporting period? q What is the scope of the applicable federal healthcare program and FDA requirements? q What are the appropriate types and amount of information to provide board members in order to get each individual member of the board comfortable with signing the resolution? q Who owns the process? COMPLIANCE MONITORING AND AUDITING Most of the recent CIAs require companies to implement promotional monitoring programs and non-promotional monitoring programs. Depending on the CIA, these programs may involve some or all of the following: speaker programs, ride-alongs with sales representatives, reviews of sales representative records, (e.g., expense reports, s), consultant arrangements with HCPs, researchrelated activities, publication activities, and medical education grants. q Are existing policies and procedures adequate to meet the CIA s requirements? Are they robust enough to support the monitoring and auditing program that is required by the CIA? q Who will develop the necessary monitoring and sampling protocols? q Who will develop the monitoring templates and appropriate reporting templates to capture observations and report potential compliance concerns? q To whom will potential compliance violations be reported and how will the company ensure they are properly investigated and remediated as necessary? q Does the CIA permit the use of outside consultants to conduct monitoring? If not, are there adequate resources in the compliance department to actually conduct the extent of monitoring and auditing required by the CIA (in addition to any other monitoring activities it might already be conducting)? What other functions/departments could be trained to perform compliance monitoring? CONCLUSION A CIA has a profound and long-lasting impact on all levels of the affected company, from sales representatives to the board of directors. Therefore, companies should enter into a CIA knowing that proper advanced planning and cross-functional preparation will put the company in the best position to have a successful and well managed CIA process. The good news about CIAs is they are essentially roadmaps to what the government wants to see in an effective compliance program. Companies can learn from this process by benchmarking their current compliance programs against the most recent CIAs to determine where current policies, procedures, processes, and systems could be improved. By implementing a more robust compliance program, a company can lessen its chances of being subject to a CIA in the future or it can at least insure it is better prepared if it enters into one. 5

6 CORPORATE INTEGRITY AGREEMENT About the Authors Tracy Mastro is a Senior Director for Huron Life Sciences. Tracy has spent the last 15 years providing consulting services to healthcare and life sciences companies. She provides CIA implementation and IRO readiness services to numerous pharmaceutical and medical device manufacturers and directs many of Huron s IRO projects. Paul Silver is a Managing Director and leads Huron Life Sciences. Paul has been in the life sciences industry for 24 years. He regularly provides advice to pharmaceutical and medical device companies operating under a CIA. Paul is also leading numerous IRO projects for companies operating under CIAs. Tracy Mastro tmastro@huronconsultinggroup.com Paul Silver psilver@huronconsultinggroup.com YOUR MISSION OUR SOLUTIONS Huron Consulting Group helps clients in diverse industries improve performance, comply with complex regulations, reduce costs, recover from distress, leverage technology, and stimulate growth. The Company teams with its clients to deliver sustainable and measurable results. Huron provides services to a wide variety of both financially sound and distressed organizations, including healthcare organizations, Fortune 500 companies, leading academic institutions, medium-sized businesses, and the law firms that represent these various organizations. Learn more at huronconsultinggroup.com v 27Oct Huron Consulting Group Inc. All Rights Reserved. Huron is a management consulting firm and not a CPA firm, and does not provide attest services, audits, or other engagements in accordance with standards established by the AICPA or auditing standards promulgated by the Public Company Accounting Oversight Board ( PCAOB ).