Compliance Programs Today Falling Short on Auditing & Monitoring

By Darren Jones

CME the New Big Focus; Reimbursement Support Not Being Rigorously Monitored

Compliance officers and departments today have put so much of their focus and resources on having the right internal controls in place around risky third party and healthcare provider payment activities, that they have almost nothing left for auditing , verifying and ongoing monitoring of these activities for effectiveness. That was the overwhelming concern and area of renewed attention that we thought came out of the CBI 2nd Annual Forum on Compliance Monitoring held in Philadelphia recently.

In conversations we had with conference participants and in sessions we attended, compliance officers expressed that they were really struggling with finding comprehensive and systematic ways to conduct compliance risk assessments, audits and monitoring programs for overseeing activities they engage third parties for, especially on a global scale. Many participants we spoke to, in fact, said they were using random sampling techniques to gauge these areas. This simply cannot be the foundation for creating and investing substantial resources into compliance auditing and monitoring.

The third party monitoring activity area in the U.S. that’s causing them the most angst these days? Continuing Medical Education (CME) programs, which as recently as only 18 months ago, was never an activity that came under rigorous compliance oversight. That changed when the Office of the Inspector General began focusing on them in recent Corporate Integrity Agreements (CIAs). As a result, companies are now realizing that their liability does not end when they cut a check for an educational grant.

While CME was the hot button issue for compliance monitoring in the U.S., globally, risk assessment and monitoring of the growing number and type of third parties that manufacturers engage with in the markets they operate in around the world was really starting to take center stage among conference participants. These include large distributors, travel agencies and meetings planners. This mood was evident in conversations and session questions on the conference floor given recent legal activity involving such third parties funneling improper payments to HCPs “without” manufacturers’ knowledge.

While mounting scrutiny over both domestic and international third party compliance was clearly the top issue at the conference, how to fix porous monitoring efforts was the outstanding question on the minds of the majority of attendees. Having the capability, with very limited resources, to oversee compliance of, for instance, the hundreds of thousands of interactions sales reps have with providers, not to mention the hundreds of speaker programs and commercial and medical advisory boards, has been an extremely daunting challenge for the life sciences sector.

One of those missing areas, in fact, may be how communications around reimbursement support is being checked. Often just a line item in corporate compliance programs, many life sciences organizations do not realize that this does not only involve what the field force is directly saying to HCPs about company reimbursement programs and policies, but also encompasses the increasing number of third party vendors, hotlines, training firms and other dissemination channels manufacturers contract with to get out their message about reimbursement support.

It was illuminating to hear from participants that there has been some disconnect between compliance internal controls planning and implementation and compliance auditing and monitoring. In fact, a key conference takeaway for us was that many compliance monitoring programs have been carried out without verification being periodically done to determine if internal controls have been addressing all SOP areas or compliance risk. As a result, the compliance monitoring efforts themselves have been fraught with risk of being incomplete or unaligned with real risk.

Life sciences organizations have been experiencing a tremendous unmet need for getting their arms around their global compliance risk assessment and monitoring activities and utilizing technology to make these programs strategic and effective. Much of that technology is nascently found in the business intelligence systems they use for CRM, so it may only need to be harnessed and rechanneled to identify leading risk indicators in their global compliance monitoring.

There was much evidence at the conference that many organizations are beginning to give the proper attention to and are taking the right steps towards building a technology and process framework around the monitoring components of their compliance programs. Based on the buzz around this topic at this year’s conference, at next year’s conference we’re sure we’ll be hearing a number of great examples and best practices from life sciences organizations who shifted their compliance monitoring programs from being reactive responses to CIAs to being embedded into their day to day SOP.