The Value of CIAs for Life Science Professionals

If you haven’t ever heard, been “primed on” or seen a CIA-tailored compliance program in the Life Sciences industry, then you must be working either for a very new, obscure or exceptional company. CIAs are the norm these days and most companies tailor their Compliance, Ethics & Integrity Programs around them………The fact is that many lessons can be learnt by astute Legal and Compliance folks - who wish to fine tune their own in-house programs - by keeping abreast of the evolution in CIA requirements which target operational areas of “key concern” (or topical industry interest).

Should a corporation be subject to an investigation for fraud, abuse or misconduct under a variety of US Federal healthcare legislation, then the Office of Inspector General (attached to the Dept of Health & Human Services) will typically negotiate a Corporate Integrity Agreement (CIA) as part of the settlement of alleged civil false claims.

Given the sheer volume of oversight legislation, the complexity of inter-mingling healthcare operations and accounting practices, the number of financial “vested interests” in the health system and the imperfections in most companies / organizations which deal in “healthcare”, there is a robust library of CIAs to reflect upon. Indeed, not too many “notable” companies are immune or absent from the “CIA Follow-up” list.

Whilst there may be some irony in keeping “good company” with many Fortune 500 companies in the CIA Hit List (no pun intended), there is nothing worse than finding oneself in “breach” of a legal undertaking to the US government or even in flagrant ignorance about existing CIA requirements amongst personnel within a leading organization. Importantly, a corporation may be subject to exclusion from US Federal healthcare programs for a material breach of an existing CIA and also subject to monetary penalties for less significant breaches.

The bottom line is that there are so many extant CIAs – which highlight “targeted” activities which many companies routinely engage in - that savvy Life Sciences professionals should be paying very close attention to what OIG is expecting, in both the short and long term.  Such an investment of time would bring untold benefits to the organization in (i) focusing keen attention on high value activities, (ii) in educating the workforce, (iii) in bridging “compliance gaps”, and (iv) in protecting the assets and reputation of the company.  

What is the legal framework which sits behind a CIA?

It is an understatement to observe that the legal framework, regulating healthcare in the US, is both expansive and expensive.

The starting point is to appreciate the legal landscape in which the corporation operates in, both in its resident jurisdiction but also in all international markets in which it has a presence.  The US Federal Healthcare laws and regulatory requirements form the legal basis of CIAs and comprise the following:

• Federal Food, Drug & Cosmetic Act
• US False Claims Act
• Federal Anti-kickback Act
• Foreign Corrupt Practices Act
• Medicaid Rebate Program Act
• Federal Civil Money Penalty Act
• Federal Exclusion Statute
• Sarbanes Oxley

Other US laws and regulations address issues such as Privacy, Off-label Drug Promotion, Medical Education, Fraud & Abuse Safe Harbours, as well as the OIG Compliance Guidance for the Pharma Industry.

All of these statutes deal with specific areas of business and regulatory operation, and are fundamentally designed to “protect patients and the public purse” against fraud and abuse.

Elements of a CIA

A comprehensive CIA typically lasts 5 years and includes the following key requirements which a subject corporation should address:

• Hire a compliance officer/appoint a compliance committee;
• Develop written standards and policies;
• Implement a comprehensive employee training program;
• Retain an independent review organization to conduct annual reviews;
• Establish a confidential disclosure program;
• Restrict employment of ineligible persons;
• An obligation to report overpayments, reportable events, and ongoing investigations/legal proceedings; and
• Provision of an implementation report and annual reports to OIG on the status of the organization’s compliance activities.

What is “caught” in a CIA?

CIAs have many common elements, with each one addressing the specific facts at issue whilst also endeavoring to make concessions to accommodate many elements of a preexisting voluntary compliance program.  

An individual CIA will require a corporation to agree to certain “undertakings and commitments” over a period of time in order to redress some alleged corporate misbehaviour. Essentially, these “undertaking and commitments” translate into the corporation promising to take certain (defined) concrete actions to prevent repeat offences and / or to demonstrate that any gaps within an internal controls and compliance framework are being filled or tightened.

Some common “observations” or call out actions within Life Sciences CIAs will initially focus on high level corporate legal requirements and then delve into many specific (regulated) activities, which revolve around the proper legal / ethical management of “promotional” and “non-promotional” practices. Some common CIA observations include the following:

High Level:

•  Accuracy and integrity of books, records and accounts
• Embedding of company standards, policies & procedures
• Avoiding conflicts of interest
• Protection of confidential information
• Appropriate meals, gifts and entertainment

 Targeted Activities / Engagements:

• Appropriate promotion of drug / medical device products – including, the creation, review and approval of both promo and non-promo material
• Legitimate use of drug samples
• Evaluation and / or demonstration of medical device products
• Responding to unsolicited requests
• Advisory Boards and Speaker Programs
• Appropriate Corporate Representation at certain events (Commercial, Medical, Regulatory, Corporate Affairs, Legal or Finance)
• Sponsorship for “professional services” – purpose, need, legitimacy
• Appropriate use and classification of “grants” and “donations”
• Investigator-initiated trials
• Post marketing studies and trials
• Scientific publications
• Appropriate distribution of educational items

Summary:

Today, there is clearly an expectation that all of the above practices – which are frequently engaged in by leading companies – should be dealt with in some satisfactory manner internally. This means investing in a good (visible) CIA internal training program; having sufficient and appropriately skilled resources in place to review and approve “high value” activities; ensuring that policies and procedures are clear, concise and “executable”; and being in a solid position to advise senior management about the real risks or gaps in a compliance program which may be absent with regard to some of the expected key controls.  

Having said that, a “bullet proof” compliance program is a work in progress and is best achieved through an organisation’s steady and consistent investment, interest and reward in its dedicated personnel. A company which sets aside management time and effort, demonstrates real interest in "high risk areas" and deploys its resources in a thoughtful manner will excel and will mitigate the likelihood of onerous CIA undertakings in the future. 

 *       *       *