Privacy Is The "New Compliance" for the Life Sciences Industry

Twenty years ago, the pharmaceutical industry was about to be hit with what was then the largest settlement in its history. At $875 million, the settlement hit TAP Pharmaceuticals for violating marketing laws, fraud charges, and filing false claims with Medicaid. The event ushered in a new era of governmental compliance guidance from the Office of the Inspector General ("OIG") (See the OIG Compliance Guidance for Pharmaceutical Manufacturers) and from industry with the PhRMA Code. The age of commercial compliance was born, and it changed the landscape of how the pharmaceutical industry– and now, more broadly, life sciences – does business. 

I joined TAP on September 24, 2001 as VP Chief Compliance Officer and Privacy Officer – just four days before the resulting TAP Corporate Integrity Agreement, the first of its kind, was signed with the Office of the Inspector General. (And one day before my birthday – what a present!) Not many people had experience with compliance then, and though I'd previously been operating my own healthcare compliance consulting firm, figuring out how to navigate this new world was largely about learning on the job. I found myself relying on my Marine Corps Officer training, where I was taught to adapt and overcome, think on my feet, and stay calm and focused on an objective -- to accomplish the mission. 

The Marines had also taught me that to accomplish any mission, you've got to take care of your people, give clear direction, hold others accountable, and lead by example. I applied that thinking here, too. I knew I needed to get my colleagues to want to comply. To do that, my team and I needed to build trust and respect with all levels of personnel – not only executives and board members, but peers and subordinates, too. How could we do this, when compliance was perceived as a burden? If we wanted to win over hearts and minds, we learned that we needed to answer the questions, “Why do I need to comply? And what's in it for me if I do?”

This new thinking around compliance was – and still is – about more than just doing what is legal; it's about doing what's right. So we equated compliance with actions driven by values. We worked to create a culture of trust based on a shared desire to enable and empower the sales force to compete and win aggressively in a compliant way. To truly understand and support sales' challenges and motivations, the compliance team needed to listen to them. Across the business, we built pride in our team by aspiring to be the best and receiving recognition for it. Instead of approaching compliance as a chore, we defined it as a positive, measurable, and solutions-oriented achievement. And that made all the difference in our success.

Covid-19 is a catalyst for a new era of compliance risks

The TAP Settlement drew a clear line between how our industry handled compliance pre- and post-2001. Covid-19 is affecting life sciences in the same dramatic way. The pandemic has been a catalyst for new compliance issues in ways, and to a magnitude, that no one could have foreseen. As we've all been forced into a world of chronic, electronic communications, we are also required to rely on the security of these platforms. This includes not just talking, but transmitting documents and sharing sensitive information. It also includes commercial operations, like selling. Privacy and data security issues have always existed, but they are now magnified due to additional dependency and risks. Think of it this way: Privacy is the new compliance. It's become a central component that must be integrated into any modern, compliance program. 

A shift in legislation regarding healthcare and privacy is compounding these risks. Consumer-oriented laws that have already taken hold in Europe are trickling into the United States. These requirements go beyond HIPAA, informing and enabling consumers to make decisions about what information is collected and by whom and whether to opt out. The California Privacy Rights Act ("CPRA"), for example, which goes into effect in 2023, follows Europe's requirement for an opt-out provision for consumers. Other states, including Virginia and Nevada, and the federal government have proposed similar legislation. Given the risks driving this new legislation and the priorities of the Biden-Harris administration, there's a high likelihood that momentous new privacy legislation will be enacted in the near future. In short, we're on the threshold of a new age of legislation that will require new implementation.

[Graphics courtesy of the International Association of Privacy Professionals (IAPP)]

How will these new compliance risks affect your life sciences business? 

It's been true for decades, but now more than ever, having a chief compliance and/or chief privacy officer is critical. Though privacy and data security are different, they go hand-in-hand and, together, they're giving rise to a new set of considerations. Commercial and business teams and senior leadership will need to adjust trainings, policies, and procedures. They should audit and monitor everything that goes along with ensuring strategies are effective and are enabling responsible corporate citizenship. 

What this really comes down to is having a set of core principles around protecting sensitive personal information with the utmost regard. It's about keeping the trust of your customers, the people whom you serve, and the people who work for you. Ultimately, senior leaders should ask themselves, “How would I want my family's health care information to be treated?” The clear answer should be, “With the utmost of care.” 

An inspired approach from leadership builds a culture of compliance – of doing the right thing. It also builds integrity, loyalty, and security within your company culture, which, yes, yields added sales. Remember, this is what compliance is really all about! It's enhancing your credibility and reputation -- building TRUST -- while insulating yourself against potential claims. There's a rational element here, but also a personal one that touches people's hearts. It makes abundant sense – and it has a measurable, net-positive business effect.  

One silver lining of Covid is faster-than-ever medical advancements. We are only now at the beginning of understanding what could lead to incredible scientific discoveries. But its side effects include drastically increased compliance risks.

Enlightened leaders will define these new challenges as an opportunity to invest in and strengthen their organizations' privacy and data security processes. Be smart and build TRUST by investing in cutting edge software that enhances your data security and privacy protections and that is thoughtfully applied by experts who understand your life sciences business and its unique mix of compliance and privacy risks...and join the IAPP!

Building a company that does what's right, not just what's required, extends to privacy and data security, too!

To learn more, please feel free to contact me at [email protected], 617-800-3704 and visit our website at TRESTLE Compliance, LLC. (www.trestlecompliance.com)

#compliance #complianceofficer #trestlecompliance #lifesciencecompliance #privacylaw #datasecurity #covid #IAPP #International Association of Privacy Professionals #OneTrust

Copyright ? Steve Vincze 2021