Upload
jesse-blair
View
215
Download
0
Embed Size (px)
Citation preview
Managing Risk with Third Parties and Strategic Partners
State Law Compliance The Overview
November 8, 2007
Pharmaceutical Regulatory and Compliance Congress and Best Practices Forum
Managing Risk with Third Parties andStrategic Partners Track
Paul J. SilverManaging Director
Huron Consulting Group
Managing Risk with Third Parties andStrategic Partners Track
I. State Reporting Regulatory Landscape
II. Who are “Third Party Vendors” and “Indirect Sources”?
III. Compliance Risks Associated with Third Party Vendors
a. Operational / business risks and considerations
b. Data risks and considerations State Reporting Responsibilities: Manufacturer vs. Vendor
IV. Risk Mitigation Considerations
Agenda
Managing Risk with Third Parties andStrategic Partners Track
State Reporting Regulatory Landscape• Existing State Laws
– Minnesota passed the first marketing disclosure law in 1993. Between 2001 and 2005, similar laws were enacted in California, Maine, Nevada, Vermont, West Virginia, and the District of Columbia.
• Proposed Federal Legislation: – “Physician Payments Sunshine Act of 2007” (S. 2029)– Will require companies with $100 million or more in annual gross revenues to report
the name and address of the physician, any facility with which the physician is affiliated, the value and the date of the payment or gift, its purpose, and what, if anything, was received in exchange. Companies that fail to report the required information would be subject to penalties ranging from $10,000 to $100,000 for each violation.
• Pending State Legislation– In 2007, at least 14 states have pending bills that would require manufacturers to
report to the state's health department gifts and other expenditures. – Familiarizing personnel early in the process will reduce the risk of non-compliance and
training costs in the future
Managing Risk with Third Parties andStrategic Partners Track
PendingEnacted
NV
Gift Disclosure Laws:ME, MN, VE, WV, and DC
• File a report identifying the value, nature, and purpose of any gift, fee, payment, subsidy, or any economic benefit greater than $25
Prohibition & Disclosure Law:MN
• Prohibits certain gifts over $50 to any one HCP per year
• Requires disclosure of compensationand reimbursements valued at more than $100
Comprehensive Compliance & Reporting Law:CA
• Establish annual, per-physician limits on gifts, promotional marketing materials and other items or activities
• Compliance with PhRMA Code and OIG GuidelinesNV
• Adopt a written marketing code of conduct, a training program, identify a compliance officer, conduct annual audits of compliance with the company's marketing code, and adopt policies for investigating non-compliance with the marketing code
Each state has taken its own unique approach to marketing disclosure and prohibition laws, while having various degrees of breadth and scope:
State Reporting Regulatory Landscape
Managing Risk with Third Parties andStrategic Partners Track
PenaltiesState Reporting Regulatory Landscape
Potential injunctive relief, costs, and attorneys fees Media
scrutiny
Reputation / image defaming
Physician Payments Sunshine Act of 2007 (S. 2029): A civil monetary violation not less than $10,000 but not more than $100,000 for each violation.
State Penalty
DC A civil violation for which a fine of $1,000 plus costs and attorney's fees may be adjudged
ME May be enforced in a civil action brought by the Attorney General. Failure to provide a report as required results in a civil violation of a $1,000 fine plus costs and attorney's fees.
MN Any violators are considered guilty of a misdemeanor
VT A civil penalty of not more than $10,000 per violation and injunctive relief, costs, and attorneys fees . Each unlawful failure to disclose constitutes as separate violation.
Managing Risk with Third Parties andStrategic Partners Track
Payments are sometimes made to HCPs on behalf of the company through third party vendors and “indirect sources”. Depending upon whom the payment is made, the company may be liable for reporting such expenditures:
• Third-Party Vendor Payments– Event planners (e.g. speaker program/training, advisory boards, etc.) – Co-promotion arrangements / partners– Consultants
• Co-Promotional Program Reporting Responsibilities– Pharmaceutical / medical device manufacturers
• Payments by Other (Internal) Divisions– Parent company– Subsidiary – Sister/operating companies– Functional departments within the same organization
• Global Organization– Reimbursing US HCPs for international programs
Who are Third Party Vendors & Indirect Sources?
Managing Risk with Third Parties andStrategic Partners Track
• Number of Third Party Vendors Within the Organization – Tracking the number of third party vendors being engaged among the brands and functional
areas
• Detail of Payment Information Provided by Third Party Vendor– Every transaction must be identifiable and attributable to individual HCPs in order for
aggregation, tracking, and reporting (aggregate spend)– Capturing information including: value, nature, and purpose of each transaction– Segregation of expenditures by HCP
• Potential Non-Compliance with Reporting and Tracking– Exceed spending limits– Inappropriate allocations– Inaccurate aggregation of spend for one particular HCP
Operational / Business Risks and Considerations
Compliance Risks Associated with Third-Party Vendors
Managing Risk with Third Parties andStrategic Partners Track
• Unique Identification of HCP Across Multiple Systems– Same name conundrum: (e.g. John Smith and John Smith Jr.)– Multiple addresses– Multiple group practice and affiliations– Multiple tax ID and other identifiers
• Capture and Identification of HCP Type– Physicians– Mid-Levels (NP, PA, RPh, etc.)– KOLs (non-prescribers)
• Orphan records– Varying versions of a name: (e.g. Robert Mayer MD vs. Rob Mayer)
Data Risks and Considerations
Compliance Risks Associated with Third-Party Vendors
Managing Risk with Third Parties andStrategic Partners Track
Compliance with sales & marketing payment disclosure and spending limitation requires actions by both the manufacturer as well as the vendor:
• Manufacturer Responsibilities and Possible Risks:– Collecting and compiling required information – Approving payments – Review for hidden payments and expenses– Data security and protection of proprietary information– Record retention and documentation – Vendor training on organizational reporting obligations
• Third Party Vendor Responsibilities and Possible Risks:– Compliance with organization’s state reporting policies– Read and certify compliance with standard operating procedures – Provide information at the appropriate level of detail
State Reporting Responsibilities: Manufacturer vs. Vendor
Managing Risk with Third Parties andStrategic Partners Track
Risk Mitigation Considerations• Standard Operating Procedures
– Provide gift and business expenditure and state reporting SOPs to vendors– Request certification of receipt and comprehension of SOPs
• Education– Provide training to vendors regarding state reporting obligations
• Co-Promotion Contract Terms and Conditions– Clear definition of reporting responsibilities in contract terms
• Monitor and Audit– Inventory all agreements and services being provided by multiple vendors– Designate one individual within the company to oversee TPV processes (e.g. purchasing/procurement or contracting
group)– Independent audit of third-party vendor contracts
• Standard Data Formats– Required data fields– Common data format
• Policies and Procedures – Standard policies and procedures for reporting and tracking payments made to HCPs by other divisions and/or the global
organization
• Disciplinary Action for Non-Compliance– Policies for non-compliance with third party vendor
Managing Risk with Third Parties andStrategic Partners Track
Questions?
Paul J. SilverManaging DirectorHuron Consulting Group
(678) 672-6160 Atlanta Office(646) 520-0200 New York [email protected]
Managing Risk with Third Parties and Strategic Partners
Operational Aspect of Managing Third Party Vendors
November 8, 2007
Pharmaceutical Regulatory and Compliance Congress and Best Practices Forum
Managing Risk with Third Parties andStrategic Partners Track
Bill FitzgeraldDirector Global Compliance
Alcon Laboratories, Inc.
Elizabeth LewisVice President Commercial LawMillennium Pharmaceuticals, Inc.
Managing Risk with Third Parties andStrategic Partners Track
Defining Third Party Vendor Types
Event Planners (e.g. speaker program/training, advisory boards, etc.)
Co-promotion Arrangements / Partners
Consultants
Internal Vendors (e.g. global, business units, etc.)
Managing Risk with Third Parties andStrategic Partners Track
Identification / Inventory of Third Party Vendors Across Organization
Business Inventory (sales, force, home office, MSLs, clinical, PR, etc.)
Data Inventory (systems, software, spreadsheets where data resides)
Managing Risk with Third Parties andStrategic Partners Track
Collecting and Compiling Required Information
Development of standard data formats for third party vendors
Managing Risk with Third Parties and
Strategic Partners Track
State ReportingData Management, Risks, &
Considerations
November 8, 2007
Bill BuzzeoVice President & General Manager
Cegedim Dendrite Compliance Solutions
Pharmaceutical Regulatory and Compliance Congress and Best Practices Forum
Managing Risk with Third Parties andStrategic Partners Track
Managing Risk with Third Parties and
Strategic Partners Track
Third Party Vendor Data
Managing Risk with Third Parties and
Strategic Partners Track
Data Submissions
• Secure access, authorization and authentication• Process and automated business rules to insure all 3Ps
are submitted• Partner / Vendor management reporting
Managing Risk with Third Parties and
Strategic Partners Track
Level of Detail
• Transaction and summary level• Dashboards• Graphics for decision support
Managing Risk with Third Parties and
Strategic Partners Track
Data Completeness
• Customer Master• Product Master• Data enrichment
Managing Risk with Third Parties and
Strategic Partners Track
Data Accuracy
• Data cleansing• Data validation• Data warehousing
Managing Risk with Third Parties and
Strategic Partners Track
Data Formats
• Industry standards: XML, EDI, Microsoft Office documents
• Others?
Managing Risk with Third Parties and
Strategic Partners Track
Certifications / Compliance
• 21 CFR Part 11• ISO 9000• CMM• ITIL• IEEE
Managing Risk with Third Parties and
Strategic Partners Track
Rights to Data
• Intellectual Property • Public knowledge• Trade Secrets• Residual Rights for people that know longer work with
this data