Compliance Week tries not to dwell on sector-specific compliance concerns too often; broad challenges that apply to many industries keep us busy enough already. Last month, however, we convened a special teleconference of compliance executives in the healthcare and life sciences sectors to jawbone about the latest headaches in their sectors, and the lessons learned there bear repeating.
The impetus for our tele-conference (co-hosted by Deloitte and its two sharp-minded partners who work on risk management in life sciences, David Hodgson and Mark Stehr) was a survey of compliance officers we conducted over the summer. Compliance Week polled not quite 100 compliance executives in the healthcare and life sciences fields, to ask about the structure of their risk management and compliance functions, what their top concerns are these days, and the like. We found some interesting results:
- 72 percent of respondents said the most senior, full-time, dedicated compliance executive at their company had the title “chief compliance officer.”
- Whoever the top compliance officer's title is, 28 percent of them still report to the general counsel, 25 percent to the CEO, and 21 percent to the board or the audit committee.
- 52 percent separate oversight of industry compliance (drug regulations, for example) from corporate compliance (financial reporting, business conduct, and so forth), while 48 percent combine them under one executive.
- 58 percent keep risk management and compliance in separate functions; 42 percent combine them.
- The single worry that consumes the most time: product promotion (think off-label marketing), which 24 percent ranked number one.
- The single worry that is most difficult to solve: bribery and improper payments, cited by 26 percent.
Other than that first statistic showing a clear majority have a chief compliance officer, the results are maddeningly inconclusive. Indeed, that was a major theme of our tele-conference—that industry-wide best practices are hard to find. The top compliance officer at one pharmaceutical company, for example, said risk management at her company reports into the internal audit department. In contrast, the compliance officer at large hospital system in California said risk management is integrated into the compliance function, “and for providers that can be fairly easy to do.” State healthcare regulators in California, she added, have made clear that they want to see an integrated risk management and compliance function.
Such was the tale from everyone else: that their compliance and risk management structures were dictated by internal company needs, including the company's dealings with regulators and what those regulators told them to do. One participant said that his company went through a regulatory review with the FDA, which told him that it didn't like risk management answering into the compliance function—risk management, the FDA said, should be independent. “We haven't had any issue or anything,” he later told me. “Really, what concern is it of theirs when this isn't broken?”
At the time, I was mildly surprised to see that off-label marketing (promoting a medication for some use not specifically endorsed by the FDA) is such a burning issue for compliance officers. Then came news last week that GlaxoSmithKline reached a $3 billion settlement with the Justice Department for off-label marketing of its diabetes drug Avandia. Granted, Avandia has been shown to correlate with heart trouble, and the FDA now severely restricts its use. Still, $3 billion is a lot of money, and the largest settlement of its kind in U.S. history.
That's a steep price to pay for a problem not easily controlled by a company. Remember that GSK makes the drug, while other parties put the drug into patients' hands—most notably doctors, who have to do the prescribing. I don't see the FDA and the Justice Department announcing a coordinated crackdown with state medical boards to revoke the licenses of doctors who engage in off-label practices. This has been a small but steady grievance I've heard from compliance officers in the pharma sector for quite some time, that their companies are being held responsible for the misconduct of others simply because Big Pharma is where the money is.
Hodgson and Stehr had some consolation and advice for companies trapped in the off-label marketing morass. Foremost, strive to get and maintain clarity into your sales channel. In Stehr's words, the key is to monitor your sales agents (direct sellers, resellers and otherwise) “and know who they're working with, not working for” to move product. But—back to my maddening comment earlier—companies have few standard blueprints for how to achieve that clarity. At best, they said, you can take cues from other businesses' practices, but you still need to adapt to your specific business model and your specific interactions with regulators.
And speaking of interactions with regulators, our tele-conference also touched briefly on healthcare reform—which, to this day, still amounts to more hand-wringing among companies than actual progress with regulators. Several people on the call gave the example of forthcoming “sunshine rules,” which will require more disclosure about the financial support doctors receive from the drug industry to support research, travel to conferences and similar activity. Big Pharma will need to disclose what it pays out to medical professionals, and Big Hospitals will need to disclose what their doctors receive.
All of that, of course, depends on guidance from the Centers for Medicare & Medicaid Services. CMS was due to propose those regulations by Oct. 1, which came and went with no such proposals. Two weeks ago, CMS Director Donald Berwick told Congress that was due to the Obama Administration's ongoing efforts to study excessive regulation, and the Sunshine Rules were caught in that snare. Meanwhile, the rules are slated to go into effect by Jan. 1, 2012 (Berwick readily admits that late spring 2012 is more likely), and disclosures are supposed to be available to the public by March 31, 2013.
Good luck with that, folks.