The evolution of compliance
DOJ guidance on compliance programmes
What should companies do next?
Remediation and self-disclosure
How seriously should companies take DOJ guidance?
Impact of Trump administration
In the past, civil or criminal prosecutors focused on evidence collection and making charging decisions. Compliance and remediation were typically seen as afterthoughts. In the context of healthcare investigations, the Department of Health and Human Services Office of Inspector General (HHS-OIG) lawyers handled compliance and remediation efforts arising from the investigation.
For example, in the case of a typical corporate healthcare investigation there would be a government investigation. The government attorneys and the company would work out whether there was going to be a resolution and how much the resolution was going to be. Anything relating to compliance and post-resolution remediation was handled by the HHS-OIG, which would negotiate a corporate integrity agreement and monitor that corporate integrity agreement – working with the company. The Department of Justice (DOJ) had little to do with those efforts.
What has changed is that the compliance efforts at the time the misconduct allegedly took place are being more closely scrutinised by prosecutors and evaluated in the context of deciding what to do with the company. In the past, the question was: what happened? Now, it is not just what happened, but rather why did it happen and what did the company do when it was put on notice that misconduct might be happening? If the culture of a company is such that it facilitated the misconduct, it can affect how prosecutors view the company when it comes to making charging decisions or negotiating a resolution. In at least one recent criminal resolution, a DOJ-supervised monitor replaced a HHS-OIG corporate integrity agreement when it came to post-resolution oversight of a company.
Some prosecutors believe that companies should have a chance to avoid or mitigate criminal culpability if they consistently do the right thing and, conversely, should be punished more severely if they do not.
DOJ guidance on compliance programmes
On February 8 2017 the DOJ Criminal Division, Fraud Division issued an 11-part series of questions styled as guidance on corporate compliance programmes. A couple of years ago the DOJ hired a compliance consultant, Hui Chen, and her hiring was the beginning of an emphasis on evaluating corporate compliance during corporate criminal investigations. In the course of evaluating corporate compliance programmes in terms of alleged misconduct and to shape monitorships, she posed a thorough set of questions designed to evaluate a company's exiting compliance programme.
The DOJ Criminal Division has now formalised these questions and topics to provide companies with some guidance on what they might expect to face in terms of scrutiny of their compliance programmes from the DOJ. Interestingly, it is a series of questions, not a series of answers. It is a little more than the DOJ typically offers in terms of guidance on compliance programmes, but it by no means provides the answers. Companies are going to have to work the answers out themselves with their compliance departments and counsel. In March 2017 the HHS-OIG issued its own compliance guide, which includes issues to evaluate and further guidance. It is more detailed than the Criminal Division's guidance and is tailored for life sciences companies.
What should companies do next?
Even if a company is not under investigation, it should follow the DOJ guidance and ask itself the listed questions. For example, life sciences companies do much business overseas and must get their drugs and devices approved in other countries, often working with third parties. The oversight of third parties in other countries is important with respect to the Foreign Corrupt Practices Act investigations and whether companies are running afoul of that statute – especially since they are dealing with a lot of government entities. Allegations can be made that companies are trying to influence those government entities through bribery or corruption.
For a life sciences company that does a lot of work overseas, the questions about third-party management in the DOJ guidance are useful regardless of whether an active investigation is going on. This is true even beyond third-party management, which is just one of 11 different subcategories in the DOJ's guidance. A company's compliance programme can be transposed over these questions to see whether or not there are things that can be enhanced or altered.
Remediation and self-disclosure
Remediation efforts are now being closely scrutinised. If a company discovers an employee who is engaged in misconduct, how quickly the company acts is important. Should the person or persons be fired immediately? Should their job duties be removed? The scope is also significant. For example, how broadly were remedial efforts applied? Did the company consciously look into who may have been involved and take appropriate remedial efforts to make sure that those people are not viewed to be an issue. Remediation is something that is being closely scrutinised on both the criminal and civil sides. This is becoming a large part of a company's interaction with the government.
Whether the conduct was self-disclosed has become a major factor for many prosecutors. Alleged corporate misconduct comes to the attention of prosecutors in several ways – such as through self-disclosure, from a whistleblower or some other form of law enforcement. Some prosecutors believe that self-disclosure is only possible when a company has a robust culture of compliance.
However, self-disclosure is a complicated issue for life sciences companies. With Medicare's new 60-day overpayment rules and the existing HHS-OIG disclosure protocols, providers reimbursed by Medicare have certain factors and rules that govern their decision making. By contrast, the analysis by a manufacturer, pharmaceutical or medical device, would be different and involve different considerations.
How seriously should companies take DOJ guidance?
When the DOJ issues guidance, it is always a good idea to take it seriously. Sometimes companies see the government issuing guidance and view it as generalised guidance that they will consider but not take too seriously. Providing guidance is probably as far as the DOJ Criminal Division could go in terms of telling a company what it should or should not do and companies should take it seriously. The fact that guidance was issued and there are senior DOJ officials who have issued a similar message in prior speeches shows that they truly believe in the importance of compliance in terms of crime deterrence and changing corporate behaviour. In April, the attorney general reaffirmed these principals in an address to the Ethics and Compliance Initiative Annual Conference.
Impact of Trump administration
The Trump administration has made no public announcements, but it has done something significant which could lead to a continuation of this enhanced scrutiny of healthcare fraud – whether criminal or civil. In the initial 'skinny' budget, the Department of Health and Human Services budget, which had an overall reduction, had an additional $70 million in discretionary funding that was allocated to the Healthcare Fraud, Abuse and Control programme. The programme funds healthcare fraud efforts – whether through agents, prosecutors or complex data analysis efforts. That is roughly a 10% funding increase.
This is just a budget blueprint, but it gives some insight into where the Trump administration's priorities lie – particularly regarding healthcare. Enforcement efforts are likely to increase.
For further information on this topic please contact Geeja Gobena at Hogan Lovells US LLP by telephone (+1 202 637 5600) or email ([email protected]). The Hogan Lovells US LLP website can be accessed at www.hoganlovells.com.