6 key risk, compliance and fraud considerations for life sciences
INSIGHT ARTICLE
The life sciences industry faces several existing and emerging challenges from a regulatory and compliance perspective, posing a constant threat to operations and sustainability. Companies that can effectively manage these concerns can take a more proactive stance on risk, adhere to evolving regulatory standards and ultimately develop a competitive advantage.
RSM spoke at a recent pharmaceutical compliance conference, where life sciences compliance professionals presented industry trends and insights surrounding regulation and compliance. The following highlights several key conference takeaways that life sciences organizations should consider as they implement controls that promote compliance and deter fraud and corruption. These include:
- Increased regulatory scrutiny underscores the importance for life sciences companies to evaluate their risks regularly.
- Life sciences companies need proper controls and compliance programs focused on their business to ensure they are limiting their exposure to risk.
- Patient support and speaker programs are two areas under heightened scrutiny by regulators as they have become hotbeds for bribery and corruption.
Industry trends in enforcement
Regulatory enforcement in the life sciences sector continues to increase, forcing companies to continually evaluate their risk and assess the adequacy of their current compliance programs. Due to this current regulatory environment, life sciences organizations must take steps to understand new and emerging risks in order to quickly respond and adapt.
This recent scrutiny has resulted in a dramatic increase in defendants charged in health-care-related fraud cases. According to the U.S. Department of Health and Human Services: Health Care Fraud and Abuse Control (HCFAC) Program Annual Report for Fiscal Year 2017, over 400 defendants were charged in 2017 in over 40 federal districts, with both figures quadrupling over a five-year period.
According to the report, the HCFAC program had a total budget of over $1 billion in fiscal 2017 (an increase of over $400 million since fiscal 2013). The Office of the Inspector General (OIG), among other government entities, utilized these funds to conduct over 1,606 health care fraud investigations, which resulted in 788 criminal actions, 818 civil actions and over $2.4 billion in judgments and settlements. The growing budget is partially due to the substantial return on investment that enforcement agencies have been able to demonstrate over time.
In addition to the figures above, the report also indicates that enforcement agencies are not just targeting large life sciences organizations. For example, in August 2017, a doctor was sentenced to 35 years in prison and ordered to pay approximately $268 million in restitution for his role in a Medicare and Medicaid fraud scheme. Therefore, health care professionals must remain up to date on regulations and implement programs within their practices that promote compliance.
6 key risk areas for life sciences organizations
Given the heightened regulatory enforcement activities, life sciences organizations should be mindful of risks, and create controls that help limit improper activities. Life sciences companies are particularly susceptible in a few specific areas, such as:
The European Union’s General Data Protection Regulation (GDPR) requires all organizations that hold, transmit or process EU-resident data to comply with the law, regardless of whether companies or contracted third parties actually operate in the EU. GDPR raises the bar for protecting consumer information and requires specific tracking from collection to disposal. To address these and other data security concerns, companies should periodically audit current security and privacy strategies, amend controls and planning as needed, align governance appropriately and have an incident response plan in place.
As hackers become more advanced, life sciences organizations must increase their focus on cybersecurity to protect sensitive data and systems. Just one breach could cause significant financial, reputational or regulatory consequences. However, an effective control environment can reduce the likelihood of a breach, enhance incident detection and response, and accelerate recovery efforts to limit damage.
The U.S. government is under pressure due to rising spend, particularly in the health care and life sciences space. The health care industry has been forced to shift to value-based pricing models as patients are increasingly absorbing costs. For example, a 2016 report by the Health Care Cost Institute found that total spend per patient grew 4.6 percent in that year, while utilization remained the same or declined. Manufacturers have responded to this trend with discounts to assist patients, including pricing coupons and patient assistance programs. Pricing continues to be more technical and complex with unclear and sometimes conflicting guidance provided.
Anti-bribery and corruption
Life sciences companies, due to the nature of their business, encounter more bribery and corruption risk than other industry segments. These companies often must interact with foreign and domestic governmental entities and officials, inherently creating higher public corruption risks. Below are three of the major areas of concern for life sciences organizations.
- Third-party relationships: While there are many benefits to working with third parties, new areas of risk often emerge. Life sciences companies should be especially mindful of three major areas of concern: regulatory compliance, data security and reputational impact. Failure to address these vulnerable areas with third parties can result in financial loss, or expose the organization to further regulatory or legal challenges.
- Patient support programs: Life sciences companies have begun supplementing their traditional role of discovering, marketing and selling medicines by providing support and solutions to the patient. These programs focus on guiding patients through diseases and providing educational and emotional support services, as well as financial support through programs such as discounted or free products, coupons and copayment assistance. While studies have shown the benefits that support programs bring to the patient, recent investigations have shown that patient support programs are often taken advantage of by companies to gain preferential treatment for their products, violating the Anti-Kickback Statute (AKS) and False Claims Act (FCA).
- Speaker programs: Life sciences organizations, specifically pharmaceutical companies, use speaker programs as a tool to market their products. These programs are designed to educate physicians and other health care providers (HCPs) about prescription drugs and their effective uses for patient care. However, many speaker programs are only educational in appearance, and instead act as platforms for bribery schemes that violate the AKS and FCA, and expose companies to large penalties and fines.
All entities in the life sciences industry whose financial statements are prepared in accordance with U.S. GAAP will be affected by new revenue recognition guidance. Such entities should not delay their implementation activities given that the effects of the new guidance could be extensive from a recognition and measurement perspective and will be significant from a disclosure perspective.
In addition, new lease accounting guidance (ASC 842) will require lessees to recognize right-of-use assets and lease liabilities for all leases other than those that meet the definition of short-term leases. This change will result in lessees recognizing right-of-use assets and lease liabilities for most leases currently accounted for as operating leases under legacy U.S. GAAP.
The FDA pushed the serialization enforcement deadline from 2017 to Nov. 26, 2018, as the organization recognized that many manufacturers were not ready and that a lack of suppliers exists within the industry. With the pending enforcement date, most, if not all, companies have systems in place. The primary issue relates to legacy enterprise resource planning (ERP) systems’ inability to provide lot and batch control, and simultaneous serial number control, as they were designed as process manufacturing-based systems. With standards continuing to evolve and guidance on interoperability of systems being issued in 2021, new technologies may advance to reduce the cost of compliance. With technologies such as blockchain, innovations may also enable value-added capabilities, including verification of chargebacks and rebates.
Proactively establishing a strong compliance program
Many organizations are striving to stay ahead of the curve by enhancing the strength of their compliance program. The Office of Inspector General and U.S. Department of Health and Human Services have released guidance for further developing robust compliance programs. This guidance is designed to help organizations evaluate the following critical compliance areas:
- Written policies and procedures
- Level of oversight and designation of a compliance officer and committee
- Formal training and education programs
- Effective lines of communication
- Response to detected offenses and developing corrective lines of action
- Consistent enforcement standards
- Risk assessment and monitoring
In addition, many organizations continue to evaluate their compliance and internal audit functions to determine whether their resources have adequate knowledge and experience. Regulatory authorities typically look favorably upon companies that have actively taken steps to follow guidance and implement effective programs. In addition to establishing and maintaining a strong in-house team, leading organizations periodically utilize external consultants to assist with gap assessments and enhancements to monitoring programs.
1. “The Department of Health and Human Services: Health Care Fraud and Abuse Control Program Annual Report for Fiscal Year 2017,” Department of Health and Human Services, accessed Nov. 28, 2018.
2. “HCCI’s Health Care Cost and Utilization Reports,” Health Care Cost Institute, accessed Nov. 28, 2018.
3. “Measuring Compliance Program Effectiveness: A Resource Guide,” Office of Inspector General, accessed Nov. 28, 2018.