Under Investigation

I thought I knew all of the definitions for healthcare compliance when I left my job at a traditional pharma company in 1998 to become chief operating officer of a company that sold both medical diagnostics products and pharmaceuticals.

Of course, I knew about patient compliance-whether people take their medications appropriately-compliance with FDA regulations governing sales and advertising materials, and compliance with good manufacturing practices, also an FDA concern. I knew that violation of an FDA regulation usually brought a nasty letter, although severe penalties could follow if the pharma company failed to address the complaint adequately.

During the first week at my new job, however, I learned about another kind of compliance-with Medicare regulations-that was potentially more damaging to my company, and to me personally as an officer and board member, than all the others. Instead of a letter, the Department of Justice sends a subpoena for files and records. And my new company had recently received one.

Common Medicare Abuses

Unfortunately, mine is not an isolated story. My colleagues who manage traditional pharma companies are likely to hear more about Medicare compliance in the near future, for three reasons:

• The Department of Justice is increasingly turning its attention to pharmaceuticals, after a decade of concentrating on medical diagnostics companies that knowingly or naively cheated the government.

• Even if a company is not directly reimbursed by Medicare, it is still culpable if DOJ suspects it has improperly "induced" someone who is to buy its product. And much of what has passed as routine pharma marketing now may be interpreted by DOJ as an inducement.

• The Pharmaceutical Research & Manufacturers Organization (PhRMA) recently issued a new marketing code regarding relations with healthcare professionals addressing some of the same concerns as Medicare compliance. Yet, the PhRMA code is voluntary and not a Medicare compliance program.

How serious is an alleged Medicare violation? First, there is the terminology itself- "potential Medicare fraud." That has both a criminal sound and a criminal implication, as outlined in the Health Insurance Portability and Accountability Act (HIPAA). It is not unusual for a DOJ investigation to result in both civil and criminal penalties, and the people who face criminal charges are top pharmaceutical executives and even members of the company's board of directors. Of course, intent is important in such an investigation or in a resulting trial, but intent may affect only the severity of the penalty. And intent is often in the eye of the government prosecutor.

Second, when the DOJ subpoena arrives, it does not reveal what potential infractions are involved, because there are, as yet, no actual charges. The only thing the company knows is that the government wants its records-and it will continue to demand more records over the ensuing months.

Third, the company will probably have to report the government investigation into potential Medicare abuse as a "material occurrence," leading to a possible black mark that can negatively affect its stock price and even be a death sentence for a small-cap firm. Furthermore, if a merger or friendly acquisition of the company is in the works, as was the case with my company, the other company will hesitate to close the deal until they know whether there will be a settlement, and, if there is a penalty, what it will be.

Fourth, the company doesn't know who its accuser is, and DOJ investigations seldom arise out of thin air. Is it a competitor? An employee turned whistle-blower? There is no way of knowing. In fact, if the case doesn't go to trial, the company may never learn who sounded the alarm.

And it's generally in a pharma company's best interest to seek a settlement to remove the dark cloud as soon as possible-unless its executives are convinced the matter is worth a trial, and most companies do not take that option.

In my case, the company's outside attorneys had decided to begin talking with the government before I came on board, so I immediately became involved in leading the compliance process. Simply put, a compliance program is a good faith measure to keep violations from happening again, although it is likely to be a condition of settlement anyway.

Essentially, a compliance program

• requires leadership by a management committee and has a chief compliance officer

• trains everyone in the company, regardless of whether they have contact with customers or patients, about what is permissible and what is not permissible where Medicare is concerned

• sets up procedures and infrastructure to make such training an ongoing, measurable, universal company policy

• shows employees how to question and report, without the possibility of retaliation, any problem they may have with a billing, sales, or marketing practice

• spells out internal penalties for those who ignore the process

• has a mechanism for reporting to the federal government any unintentional transgressions as soon as possible.

Reading down the list, one can see the value in setting up a compliance program before a subpoena ever arrives. Many companies are doing that now, just as decades ago they set up units to handle FDA regulations that had become too complex for legal departments to handle alone.

And that leads to a final point: Medicare compliance programs, whether proactive or reactive, can be important business assets that far outweigh the costs involved. Among the reasons:

• They help keep companies out of trouble or keep trouble from recurring.

• Through their examination of ongoing practices, they can root out costly, often nonproductive, programs or procedures, even if they are not illegal.

• The existence of such programs is a plus when a potential business partner conducts a due diligence review.

• Compliance programs can highlight questionable vendor practices that could lead to trouble for both vendor and pharma if not quickly addressed.

The ending of my own compliance story was a happy one. Soon after my company announced a final settlement with DOJ-and a refund amount was determined-our stock rose dramatically and a competitor completed a friendly acquisition that had been under discussion.

That would not have happened-or at least not as quickly-had we not embraced, in good faith, an aggressive Medicare compliance program.