Pharmaceutical companies, medical device manufacturers, and biotech companies are gearing up for the January 1, 2013 deadline set by the Centers for Medicare and Medicaid Services (“CMS”) for companies to begin collecting data under the federal Physician Payment Sunshine Act. But in the absence of long-awaited final implementing regulations, companies are struggling to understand what information they need to report, how to collect and report this information, and what this information will tell regulators and enforcers in an industry already under intense scrutiny. On October 16-17, 2012, industry executives and government officials gathered at ACI’s Physician Payments Disclosure and Aggregate Spend Conference in New York to discuss these and other questions, as well as the enforcement implications of Sunshine Act reporting.
PREPARING FOR SUNSHINE ACT REPORTING
Executives from large pharmaceutical companies shared insights from their experiences operating under corporate integrity agreements that require the reporting of aggregate spend and other information to the government. Such corporate integrity agreements, which are often a component of global settlements of federal healthcare fraud investigations, require implementation of reporting systems that many smaller companies may not have the resources to support. Nevertheless, certain themes were repeated during each of the panels as speakers discussed how companies, regardless of their size, should prepare for Sunshine Act reporting:
- Data must be complete and accurate.
- Companies should dedicate resources to auditing data in order to ensure that the data is complete and accurate.
- Auditing should be performed on a periodic basis (e.g., monthly, quarterly), so that a company can identify problems far enough in advance of reporting deadlines to correct these problems.
- Companies should identify “control documents” that will serve as the basis for the information reported under the Sunshine Act. Reported information should match the information in these documents, and the documents should reflect that the company’s policies and procedures were followed.
- Companies will have to rely heavily on their IT systems and professionals in order to collect complete and accurate data for Sunshine Act reporting. Companies should evaluate the capabilities of their internal IT systems and determine whether it is appropriate to retain an outside vendor.
Preparing for Sunshine Act reporting presents a company with an opportunity to review its physician, marketing, and sales spending policies and practices, and to determine whether the amount of and manner in which such amounts are spent are appropriate in the current environment of heightened scrutiny. A company’s best defense to any question raised by regulators and enforcers about payments reported under the Sunshine Act, or any of its aggregate spending practices, may be to assess the value and propriety of the company’s marketing, promotional, and sales activities before these payments are ever made.
WHAT SUNSHINE ACT DATA TELL ENFORCERS
Law enforcement officials from some of the most active healthcare fraud units in the country --James C. Cox, New York State Medicaid Inspector General, Michael Martinez, Executive Assistant U.S. Attorney from the District of New Jersey, and Jack W. Pirozzolo, First Assistant U.S. Attorney from the District of Massachusetts -- provided their perspective on the enforcement implications of the Sunshine Act.
Pirozzolo explained that the data could serve as a way to identify whether there were disproportionate payments going to a particular group of physicians and whether such disproportionate payments suggest that a company was “putting its thumb on the scale” to promote a product. This, Pirozzolo indicated, was the kind of evidence that the government takes into consideration when making investigatory and charging decisions.
All three enforcers explained that data mining was not a new tool for the government. But both Pirozzolo and Martinez indicated that one important use of the data made available under the Sunshine Act would be to assess the merit of qui tam allegations, which are one of the most fertile and common sources of cases investigated by their offices. Both also agreed that, while Sunshine Act data is clearly relevant to assess potential violations of the federal Anti-Kickback Statute, the government was still assessing other ways that the information could be used. Moreover, because Sunshine Act disclosures are certified, the disclosures could serve as the basis for false statement violations, or violations of the False Claims Act, or even as a means to support liability against individual executives under the Responsible Corporate Officer Doctrine (which allows the government to prosecute an individual in a position to prevent violations, even if the individual was not personally involved in the wrongdoing or did not know that it was occurring).
Healthcare fraud enforcement, including anti-kickback investigations, will continue to be a priority for regulators and prosecutors. Cox, for example, referenced his office’s 2013 work plan, which specifically cites identifying and investigating providers involved in kickbacks and inducements as an enforcement priority across all business lines for the coming year.
Furthermore, biotech and medical device companies may soon be receiving additional scrutiny. Both Pirozzolo and Martinez commented that the criminal and civil cases brought in the last ten years against pharmaceutical companies have made an impact on that industry and increased its focus on compliance, but noted that biotech and medical device companies have tended to lag behind and generally have not implemented similarly rigorous compliance systems and policies.