Distilling compliance lessons from healthcare fraud cases

The False Claims Act (FCA) is the government’s primary civil remedy to redress false claims for federal funds and property involving a multitude of government operations and contracts. Although the FCA web catches a wide range of industries—including defense, financial, transportation, food, and agriculture—$2.5 billion of the $2.8 billion in total recoveries in fiscal year 2018 involved the healthcare industry, including pharmaceutical companies.

Compliance officers of healthcare and pharmaceutical companies, specifically, should be on high alert. In one of the largest FCA settlements last year, drug wholesale company AmerisourceBergen and certain of its subsidiaries in October 2018 reached a $625 million civil settlement for engaging in a drug “overfill” scheme arising from its operation of an unlicensed facility that illegally repackaged injectable drugs into pre-filled syringes and then distributed those syringes to physicians at a discount, resulting in cancer patients unwittingly receiving contaminated drugs. AmerisourceBergen violated the FCA by submitting false claims for the drugs it repackaged to federal healthcare programs.  

The scheme was first brought to the attention of the government by a whistleblower, Michael Mullen, former chief operating officer of AmerisourceBergen Specialty Group, a subsidiary that in 2017 paid a $260 million criminal fine for violations of the Food, Drug, and Cosmetic Act, resulting in a combined $885 million settlement. In his complaint, filed in the U.S. District Court for the Eastern District of New York, Mullen provided a first-hand account of how AmerisourceBergen executives deliberately concealed material information from the government to induce payment of the false and fraudulent claims, alleging he was terminated after raising these compliance concerns.

The five-year corporate integrity agreement (CIA) that AmerisourceBergen reached with the Department of Health and Human Services Office of Inspector General (OIG) provides compliance officers with a roadmap of best practices, including:

• Designation of a chief compliance officer who is a member of senior management and reports directly to the audit committee of the board;
• Appointment of a compliance committee chaired by the CCO and made up of other senior management members;
• Written policies and procedures regarding operation of the compliance program;
• Training of “covered persons” and board members; and
• Implementation of an annual risk assessment and internal review process.

Several recent CIAs now impose greater compliance obligations on boards, as well. In AmerisourceBergen’s CIA, for example, the board must meet at least quarterly to review and oversee matters related to compliance with both federal healthcare laws and obligations imposed under the CIA. The board must also include independent (i.e., non-executive) members.

AmerisourceBergen’s CIA further requires each board member to receive at least two hours of training addressing the unique responsibilities of healthcare board members, including the risks, oversight areas, and strategic approaches to conducting oversight of a healthcare organization. “This training may be conducted by an outside compliance expert hired by the board,” the CIA states.

Generally, there is also more accountability being placed on management. AmerisourceBergen’s managers, for example, must monitor and oversee activities within their areas of authority and annually certify that their business unit complies with both federal healthcare laws and the obligations of the CIA.

Patient assistance programs

Another FCA enforcement trend is the Justice Department’s increased scrutiny on funding arrangements between drug makers and independent charity patient assistance programs (PAPs), with an eye toward potential violations of the Anti-Kickback Statute (AKS). Under the AKS, drug companies are prohibited from offering or paying—directly or indirectly—anything of value to induce Medicare patients to purchase the company’s drugs, including the payment of patients’ copay obligations. Drug makers may donate to non-profits that provide copay assistance, however, if the non-profit is independent from their donors.

Compliance officers of drug makers should look to recent enforcement actions as real-world examples of conduct that increases the risk of FCA liability. In one recent action, Actelion Pharmaceuticals on Dec. 6, 2018, reached a $360 million settlement to resolve claims that it violated the FCA by using a purportedly independent charitable foundation as a conduit to pay the copays of thousands of Medicare patients taking certain Actelion drugs and to induce those patients to purchase them.

The Actelion Pharmaceuticals enforcement action is part of a broader enforcement trend. Pfizer, for example, paid $24 million in May 2018 to resolve similar charges, as did United Therapeutics, which paid $210 million in December 2017.

 

“All too often, companies make the mistake of ignoring serious compliance issues and hoping they will pass, only to cede control over the situation to a whistleblower who files suit against the company.”

Jacques Smith, National Leader, Complex Litigation, Arent Fox

 

Similar settlements are also pending. Both Ireland-based Jazz Pharmaceuticals and Danish drug company Lundbeck, for example, said they have reached agreements in principle regarding patient assistance charitable foundations. In its securities filing, Jazz said it has set aside $57 million, while Lundbeck said it expects to pay $52.6 million. Other drug companies that have received subpoenas include Astellas Pharma, Biogen, Celgene, Gilead Sciences, Johnson & Johnson, and Valeant Pharmaceuticals.

These enforcement actions signal that donations to independent charity PAPs is a high-risk area requiring enhanced oversight to ensure compliance with federal healthcare laws, “and you need to make sure that your assistance programs have been properly evaluated for potential AKS risk,” says David Leviss, a former trial attorney with the Justice Department’s Civil Division and now a partner at law firm O’Melveny. “This is where you need to engage with in-house and outside counsel to evaluate these programs.”

Jesse Witten, a partner with law firm Drinker Biddle, notes “the government in this area is going to expect close and literal compliance with the advisory opinions that have been issued on patient assistance programs and close and literal adherence to the 2014 special advisory bulletin that the OIG issued.”

Compliance officers in the pharmaceutical industry should review both OIG advisory opinions and recent CIAs for best-practice guidance before drafting or revising policies and procedures on interactions with independent patient assistance programs.

Some of those recommended best practices, included in recent CIAs, are discussed in more detail below:

Create an independent charity group. Establish a department or group that is separate and independent from the commercial business units of the company. This group should have sole responsibility and authority for developing the annual budget for the company’s donations to independent charity PAPs and for all other activities relating to such donations. The criteria governing donations should be put in writing.

Put in place legal and compliance checks and balances. All proposed donations and arrangements should be approved by the legal and compliance departments. Some examples of terms that should be satisfied: The company doesn’t exert (directly or through any affiliate) any influence or control over (1) the identification, delineation, establishment, or modification of any specific disease funds operated by the independent charity PAP, or (2) its process or criteria for determining eligibility of patients who qualify for its assistance program; and (3) the company does not provide donations for a disease state fund that covers only the company’s products.

Establish an annual budget for donations to independent charity PAPs. This budget should be set by the company’s independent charity group, with input from the legal and compliance departments. The company’s commercial business units should not be involved in, or influence, the budget or allocation process.

Implement monitoring and audit controls. The compliance department should annually monitor donations to independent charity PAPs, using both a risk-based targeting approach and a random sampling approach. Documentation that should be audited includes budget documents; documents relating to the decision-making process concerning donations; and any written agreements in place, as well as any communications and interactions between the company and the independent charity PAP.

“Healthcare organizations and life-science companies operate in highly regulated industries. It’s, therefore, critical that company management invest in and empower robust compliance programs with effective controls and internal reporting mechanisms,” says Jacques Smith, national leader of the complex litigation practice at Arent Fox. “If the company nevertheless identifies compliance concerns that could be significant, the company should retain experienced counsel who can capably investigate and evaluate the issues and advise the company as to whether remediation is necessary, including, in some cases, by self-disclosing to regulators.”

“All too often,” Smith adds, “companies make the mistake of ignoring serious compliance issues and hoping they will pass, only to cede control over the situation to a whistleblower who files suit against the company.” In fact, whistleblowers continue to bring the bulk of FCA cases, initiating 645 of the 767 new FCA matters brought in fiscal year 2018.

With whistleblowers bringing more FCA cases, the Justice Department is looking at them with a more critical eye. “A trend that we’re seeing in terms of this administration’s enforcement of the False Claims Act in AKS cases is an overall reluctance to regulate through litigation,” Leviss says.

Specifically, the Justice Department, through its recently issued “Granston Memo,” has stated it will more aggressively exercise its authority to dismiss FCA whistleblower claims that it views as meritless. “From a defense perspective, it’s going to be a better environment to challenge those kinds of cases,” Leviss says.

Companies should look to the Granston Memo for guidance in improving their chances of dismissing an FCA case. “It’s always going to be an uphill battle to get the government to voluntarily dismiss a case,” Witten says. “The best argument you can make to the government to implement the Granston Memo is to convince the government that whatever was alleged was not a violation of a regulation or was not a material violation.”