Compliance professionals from more than 200 life sciences companies gathered in Washington, D.C., for the 2019 CBI Pharmaceutical Compliance Congress (PCC). Bryant Aaron, chief compliance officer at Novartis Pharmaceutical Corp., opened the conference by reminding attendees that the compliance function helps companies navigate changing regulations, enabling organizations to deliver critical treatments to patients. Aaron also emphasized that “our industry grows together and we all benefit from each other’s successes.”

Conference discussions focused on empowering the compliance function, insights from recent enforcement actions, and a look at new and upcoming laws.

Empowering the Compliance Function

Empowering the compliance function was a recurring theme of PCC this year. Key tips included:

• Speak the same language as the business. Frame feedback and suggestions in terms of “value” and “return on investment.” For example, if you work for a small life sciences startup seeking an acquisition, quantify the value of having an effective compliance program in place — reduced due diligence expenses, lower healthcare compliance risks (which could reduce clawback or retainer obligations), and post-acquisition cost savings for the acquiring company, etc.
• When compliance issues arise, consider strategic needs and provide compliant alternatives. Reminding the business that you are there to set guardrails and not to block business initiatives is critical to building relationships and facilitating open lines of communication.
• Advocate for appropriate reporting lines and adequate funding. The importance of organizational structure was highlighted in the Department of Justice’s updated guidance on evaluating corporate compliance programs. 

Establishing Compliant Product and Reimbursement Support Services

Given the flurry of recent False Claims Act settlements related to copay assistance foundations (including corporate integrity agreements for three new CIAs in the past month), it is no surprise that patient programs and support services were a hot topic at PCC. Takeaways from relevant sessions include:

• Consider existing Office of Inspector General Guidance when designing support services. For example, only provide support services after prescription, avoid patient steering, or interference with clinical decision-making, etc.
• Define your product and reimbursement support programs. One recurring topic was the lack of consistent definitions for “Patient Support Programs,” “Patient Assistance Programs,” and “Independent Charity Patient Assistance Programs” across companies. Policies should articulate definitions and compliance guidelines for programs that your company uses
• Consider reporting lines and the potential compliance implications of that structure. Which function will be responsible for these programs? Is there separation between commercial and free drug programs?
• Don’t neglect training and monitoring. In addition to traditional document-based training and monitoring, consider opportunities for live monitoring, reviewing recorded calls, and conducting email audits.

Addressing New and Upcoming Laws

• Potential Sunshine expansion: Sunshine expansion: The “SUPPORT for Patients and Communities Act,” signed into law in October 2018, will expand federal transparency requirements to physician assistants, nurse practitioners, clinical nurse specialists, certified nurse anesthetists, and certified nurse-midwives. Several companies at the conference shared that while they may already collect transparency information for all healthcare professionals, they are beginning to consider data sources and vendors for validation of new covered recipients.
• Updates to government pricing rules: On April 18, 2019, President Trump signed H.R. 1839 “Medicaid Services Investment and Accountability Act of 2019” into law. The law addresses misclassification of innovator and non-innovator drugs and establishes stiff penalties for companies that misclassify drugs to gain additional reimbursement. One conference takeaway for compliance officers is to work with your company’s government pricing team to confirm your classifications are correct, based on the type of regulatory approval received for your products.
• California Consumer Privacy Act: The California Consumer Privacy Act (CCPA) will take effect Jan. 1, 2020, and become enforceable July 1, 2020. Helpful advice from conference sessions were to: prepare early, leverage General Data Protection Regulations compliance efforts where possible, and identify exemptions and pre-emptions (e.g., Health Insurance Portability and Accountability Act). Read Guidehouse’s Future of Data Privacy which highlights key considerations for managing the CCPA and growing list of global privacy regulations.