Cultivating Compliance

September 1, 2007
Eileen E. Erdos, Ted Acosta
Pharmaceutical Technology Europe

Volume 19, Issue 9

The authors discuss how companies facing ever-evolving regulatory requirements can address and assess compliance risk in their operating practices.

The rising cost of medications, a shortage of healthcare funding and prolific media coverage continue to sharpen the focus of lawmakers, regulators and enforcement authorities on the activities of the pharmaceutical industry. As a result, all over Europe, the number of investigations of pharmaceutical companies has been increasing and shows no sign of slowing.

While many companies focus their compliance efforts on the issues that have been the subject of these investigations, the risks are continuing to evolve. To manage risk effectively, it is important for companies to address the regulatory concerns of today and to stay abreast of, and prepare for, the issues of tomorrow.

Assessing exposure

The first step in managing compliance and lessening regulatory risk is to assess the nature of risk companies face. These risks are twofold: those specific to the markets in which the company operates, and those related to the company's practices.

Company-specific risks must be assessed from various angles: how well the company's policies and procedures address the requirements of the regulations and codes of the markets in which the company operates, and how well the operational practices align with the company's policies and procedures. Gaps among policies, practices and relevant standards may put the company at risk of violations, leading to fines or other sanctions.

With market-specific risks, circumstances affecting business operation in each country, including current laws and industry codes (which vary country to country), must be evaluated. Current enforcement practices are important to determining risk priorities: any ongoing healthcare reform and recent media attention to issues related to the pharmaceutical or healthcare fields will affect the level of risk in a particular country.

In brief

Because risk areas are continuously evolving, assessing current practices is not a one-time exercise. Companies looking to manage risk effectively will be diligent in assessing both the market and their operations on an ongoing basis. Establishing a routine process for identifying market risks and implementing formal monitoring to assess the company's risk exposure is critical. But which issues are gaining prominence?

Emerging trends: familiar issues with a twist

Many issues emerging in the pharmaceutical industry will affect current risk areas, but from a new perspective. For example, avoiding conduct that may be deemed to violate the US Foreign Corrupt Practices Act (FCPA) has become a major concern for many multinational companies. Essentially, this law aims to deter companies from bribing government officials outside the US. The US Securities and Exchange Commission (SEC) enforces the law's books-and-records requirements while the US Department of Justice (DOJ) focuses on its antibribery provisions. The law, therefore, can apply to corporate entities — both US and foreign — and individuals. The FCPA can pose particular challenges for companies in Europe, given that many healthcare professionals and hospital administrators are government employees, and thus may fall within the scope of the FCPA or any national anticorruption laws.

Indeed, both US authorities and other governments have initiated enquiries and, in some cases, aggressive enforcement efforts, concerning financial transactions between pharmaceutical companies and government healthcare professionals, hospitals and other government officials, such as those in charge of reimbursement, tenders, approvals and formularies. This has prompted pharmaceutical companies to re-examine their practices and controls from an FCPA frame of reference. This task is further complicated by the industry's increased reliance on third-party vendors to assist in activities involving payment or sponsorship of healthcare professionals and the ability, or lack thereof, to monitor vendor activities adequately.

The transparency of remuneration to healthcare professionals for services (such as speaker, investigator or advisory services) provided to a company is an ongoing focus for the industry, particularly in substantiating the need for the service, demonstrating that the healthcare professional received reasonable payment for the service, and evidencing that the service was, in fact, rendered.

More recently, the total compensation paid to an individual healthcare professional has also become an area of focus. While a single payment may appear appropriate, there is growing concern that 'excessive' amounts paid to any single healthcare professional may compromise independent medical judgment. For example, one healthcare professional may receive payment for services provided to the local marketing company, the global marketing organization, and the research operation. In these cases, various operating units and myriad different payment and tracking systems may be involved, and accounting for the 'totality of payments' is not necessarily easy to do. Further, given the pharmaceutical companies' reliance on employee reporting of expenses and the need to establish accurate records of the identities of the physicians,100% tracking may prove to be impractical, if not impossible.

Companies have been working to increase the transparency of their clinical trial activities and diminish concerns regarding withholding patient safety information by publishing clinical trial information in a standard, consistent manner, but the trend for using contract research organizations (CROs) to conduct trials more efficiently has raised additional concerns as to whether pharmaceutical companies have adequate controls in place to monitor the performance of third parties. In one recent case, a multinational pharmaceutical company lost FDA approval for all but one indication for a product, and was required to add warnings because of concerns about patient safety and data integrity in a required postmarketing study performed by the company's CRO: allegations of fraudulent activity included significant under-reporting of adverse events and inappropriate patient-recruitment activities.

Sponsoring healthcare professionals for educational purposes also presents some challenges for pharmaceutical companies. Scrutiny of travel and entertainment expenses by the US SEC and DOJ is common in the context of FCPA investigations. Granted, paying for the registration and reasonable travel expenses for a healthcare professional to attend a legitimate education programme is of benefit to patients and the wider healthcare community; however, companies are being investigated for lavish hospitality or sponsorship of healthcare professionals to attend events that are not legitimately scientific, on the grounds that such 'benefits' may inappropriately influence prescription patterns.

The direct link between sales and marketing units and charitable contributions or donations of products and equipment is bringing concerns about corporate philanthropy to the fore. Companies are beginning to minimize the role of sales and marketing personnel in the decision-making process and to provide charitable contributions and donations only to nonprofit institutions and organizations. Increasingly, however, healthcare professionals and for-profit companies have established nonprofit foundations. Companies will increasingly need to exercise due diligence in ascertaining the identities of those foundations and their organizers.

Finally, communication with healthcare professionals regarding information about unapproved uses for both approved and investigational products, particularly proactive communications by sales representatives and field-based medical affairs professionals, is a dilemma companies face. Recently, regulators and enforcement officials have increased their focus on the use of postmarketing studies and stand-alone meetings to advance the use of products for unapproved indications. Their concern is that these activities may compromise patient safety and drive up government healthcare costs unnecessarily.

Confronting the challenge

Once a company understands the nature of the risks it faces, both in local markets and as a global organization, it can take action to mitigate those risks and limit its exposure. These efforts include developing a compliance oversight structure to help assess and manage risks, implementing clear policies and procedures, and deploying monitoring and verification protocols.

Companies are becoming more sophisticated and organized in their approaches to written standards, training and systems. Increasingly, they are creating high-level policies from applicable laws and industry codes, as well as developing process-specific procedures that provide greater clarity to employees. This can help minimize inconsistent interpretation of standards throughout the company. Case studies can help educate employees on the practical application of policies and procedures in common situations, and testing can help ensure that the training is effective. Others have developed web-based tools to handle funding requests, knowledge management and record keeping that help to minimize the impact of new compliance requirements on existing operations.

Anticipating tomorrow's compliance concerns

Risks will continue to evolve as companies develop new market strategies, and as regulators and enforcement officials shift their focus. Part of the compliance effort requires an understanding of the current risks to the entire industry. As it is, most emerging risks are new twists on those already established. By paying attention to investigations and settlements that are in the news, other members of the industry can take heed that they could be next. New initiatives to manage business decisions from an ethical standpoint will help to avoid issues from the start. If vulnerabilities are found, taking proactive steps to address them is almost always better for the company than waiting for regulators to impose 'improvements.'

Ted Acosta is national leader of the health sciences team in Ernst & Young's fraud investigation and dispute services practice (New York, NY, USA). His team works with pharmaceutical, biotechnology and medical device companies worldwide in performing compliance assessments and developing compliance structures, policies and procedures.

Eileen E. Erdos is a senior manager in the health sciences team in Ernst & Young's fraud investigation and dispute services practice (Cleveland, OH, USA). Erdos's work includes identifying and mitigating regulatory risks, assessing sales, marketing, pricing and medical/clinical development activities, and assisting in redesigning business practices to comply with applicable regulations and standards.