With demands for improved product safety and increased transparency, there has never been a better time to embed compliance into a company’s culture.
Viewed broadly, increasingly strict compliance requirements are part of an array of steadily growing pressures that the medical device industry faces, including rising product development costs and increased pricing sensitivity. Regulations and enforcement actions on a variety of compliance issues, including conflicts of interest, rising product prices, product safety, distributor agreements, and direct-to-consumer advertising are becoming more stringent, and this trend shows little sign of abating. At the same time, concerns about safety are driving additional regulatory requirements, such as new clinical trial reporting and postmarket surveillance requirements in the FDA Amendments Act of 2007 (FDAAA).
Given the effect of an investigation on a medical device company in terms of time, cost, and potential liability, ongoing compliance measures are an imperative. What’s clear from these trends is that regulators expect companies not only to have compliance programs, but also to be able to demonstrate the effectiveness of their compliance efforts. The greater challenge, however, is to use compliance requirements strategically.
Companies need to recognize that compliance requirements can be used strategically. Because compliance affects every part of a company, the challenge is going beyond surface-level requirements. Compliance demands, in effect, put companies in a position to assess business practices and consider their implications. For example, industry relationships with physicians are coming under increased scrutiny due to concerns about conflicts of interest and excessive industry influence. As a result, stringent new conflict-of-interest policies and federal laws requiring open disclosure of all financial and contractual arrangements between physicians and industry are gaining momentum.
When implementing these requirements, firms should use this opportunity to ensure that physicians who conduct necessary clinical research have agreements based on objective measures of the professional services provided and fees based on fair market value calculations. Similarly, relationships with key opinion leaders in the age of compliance (and transparency) should include building up-front expectations for deliverables, developing fair market value terms for compensation, and ensuring that there is complete separation between the relationship and commercial product use.
For companies dealing with these challenges, the opportunity—and the real objective for companies beyond required disclosures—is to transform relationships with physicians. Device firms should change relationships that are overly reliant on transactional activity and commercial value to relationships that are primarily based on collaboration and evidence-based professional value. Those that fail to redefine their relationships risk scrutiny, tighter regulations, fines, and the potential of alienating physicians or frustrating regulators, both of whom are critical to the business. Another potential benefit is that companies that take the lead in redefining relationships in terms of compliance often end up increasing trust and accountability among their organization, physicians, and regulators.
Similarly, continuing medical education and other education funding by industry is facing intense scrutiny and is subject to compliance and transparency demands. To improve negative perceptions of undue industry influence on physicians, effective, but not overly bureaucratic, firewalls are needed between all consultative, clinical research, and educational grant agreement payments to physicians. The same rules also apply to sales and marketing efforts to avoid even the appearance of conflicts of interest. Increased focus on compliance and transparency need not lead to damaged professional relationships or concern about regulatory scrutiny (when compliance operates as business strategy). Companies that position themselves as leaders in transparency and compliance in these relationships have an opportunity to foster a reputation for integrity and collaboration based on professional, not commercial, value.
Product safety represents another area of concern that has led to increased compliance requirements for medical OEMs. As mentioned previously, the FDAAA imposes a number of new requirements, such as the following:
■ Title III of the FDAAA expands FDA’s authority to require postmarket surveillance of medical devices aimed at pediatric patients.
■ Title VIII of the FDAAA requires enhanced clinical trial reporting. Previously, device trials were not required to be reported to the National Institutes of Health’s clinical trial registry. Now, all clinical trials involving drugs, biologics, and devices must be reported, as well as trial results.
Although compliance requirements may reflect concerns about and address issues regarding product safety and clinical trial data reporting, these requirements give companies an opportunity to further examine their professional relationships with investigators.
Companies can also use compliance demands for improved data collection and analysis, increased adverse-event reporting requirements, postmarket surveillance, and CAPA processes to expand both risk management and strategic advantage. Compliance already requires companies to collect and report much of this information, but a larger opportunity exists here to enhance the use of data collected and to redefine the use of existing data. These data by themselves are not necessarily strategic, but they can be used in a strategic manner. For example, companies may use call center data trend analysis for incremental improvements, but the data can also be used as an element in strategic portfolio management. The data may provide insight into how a product is performing by creating a clearer picture of what is happening with patients, healthcare providers, and competitors. The data can also help to guide companies’ investments in new technology and help to identify trends and opportunities in the market. These processes can be formalized so that these data become a critical piece of the overall strategic market planning.
Quite often, compliance with regulatory requirements is viewed by many outside the compliance function as a nuisance and burden. In many device firms, compliance is delegated to a compliance officer or compliance group that is responsible for ensuring that obligations are met. As a starting point for compliance groups, the Office of the Inspector General (OIG) has provided an overview of what a compliance program should include, both through its 2003 Compliance Guidance for Pharmaceutical Manufacturers (which also applies to medical device companies) and, in effect, through corporate integrity agreements. Such agreements can provide practical guidance on how OIG deals with different situations involving potential conflict-of-interest concerns in physician relationships, fair market value fees for clinical investigators, etc.
Any compliance program needs to be flexible and be sensitive to trends and possible changes in requirements, as well as be ready to incorporate new requirements. For example, companies must consider whether to follow AdvaMed’s December 2008 updates to its Code of Ethics of Interactions with Health Care Professionals and must be aware of possible new laws and regulations (see the sidebar, "Changes Affecting Compliance Programs"). Recent proposed laws include the Transparency in Medical Device Pricing Act, which sought to require the reporting of sales price data for implantable medical devices. Although the law was never passed by Congress, manufacturers should pay careful attention to proposed legislation that may affect them.
It is now clear that compliance programs will be examined for their effectiveness, not for the amount of money spent on them or for any elaborately designed procedures within them. The most recent Department of Justice standards (included in the United States Attorneys Manual in August 2008), which are used by prosecutors to determine whether to pursue criminal charges, tell prosecutors to examine whether compliance programs are being implemented in “good faith.” If there are indications of a truly effective compliance program, it may support a decision either not to charge a corporation or to mitigate sanctions. Also, the standards in this manual indicate an expectation that compliance programs will be reviewed and revised periodically by the company.
Once a compliance program is in place, as a practical matter, ongoing monitoring becomes extremely important. Companies should use an approach that recognizes the potential negative liability of a poorly implemented compliance program. The program should include periodic reviews or assessments by an independent organization familiar with the industry and regulatory landscape. Companies that operate using clear procedures, maintain consistent and verifiable records, and periodically examine in-house practices to ensure that they are being followed will be in a strong position to face inquiries from an enforcement agency.
To go beyond the minimum, however, compliance responsibilities cannot be delegated to an individual or group. Good compliance practices must be seen as a part of everyone’s job, and part of each manager’s accountabilities. Instead of viewing new compliance requirements as simply adding to reporting burdens, a well-formulated strategic approach that focuses on the intent of the rules should be used as a way to transform and improve an organization.
To create sustainable change and ensure that effective compliance practices become part of a company’s DNA, compliance must be part of the entire organization. Even with a compliance program in place, deeper changes cannot occur without strong executive leadership. Clearly, the OIG expects corporate leadership to set the tone, as it would with any other major corporate initiative, and this imperative must carry over to all managers’ accountabilities. In other words, to be transparent and effective, compliance requirements must be woven into each manager’s job. Companies must ensure that compliance practices are part of a manager’s accountabilities in the same manner that managers are accountable for financial performance. As compliance (and transparency) demands increase, companies need to focus on compliance as a major component of their business strategy.
One method of developing managers who view compliance as an integral part of their operations is to create a definitional base for critical roles in the organization. Using an approach that engages key personnel (to ensure their buy-in of the company’s strategies) enables companies to redefine professional roles and capture the results of the redefined roles in a definitional base called job charters. These charters define requirements and accountabilities and can be used to ensure compliance considerations are a part of
■ The strategic relevance of a role or management level, including the expected input into strategy development and implementation as well as the translation of strategy to enable the action of others.
■ The key accountabilities of the role, in areas such as strategy and planning, leadership, developing processes, managing resources, and modeling collaboration to the organization.
■ The key interfaces in which the designated personnel needs to be interpersonally effective (i.e., the people that the personnel most frequently deal with, specific content areas covered, etc.)
■ Decision-making authority, matched to accountabilities.
By using the job charter development process, companies can build a clear consensus among those in critical leadership roles and create an organization in which everyone is responsible for ensuring effective compliant practices. Job charters also illustrate how companies can develop capabilities and reach the point at which compliance can be used strategically.
Compliance as business strategy can be a way for companies to distinguish and differentiate themselves. This concept should prompt companies to create an organizational framework that redefines core processes and makes compliance part of management’s accountabilities. The challenge is to avoid creating an overly bureaucratic system that inadvertently encourages people to find workarounds or runs the risk of grinding innovation to a screeching halt. Successful processes need strong executive sponsorship and need to be integrated into the larger organization’s standard operations.
In this complex and demanding environment, the trend toward increasing compliance demands cannot be viewed separately from broader industry changes. Instead, effective compliance practices should be viewed as addressing the unmet needs of certain stakeholders in the market. These stakeholders—namely regulators, the public, and even Congress—want to ensure product safety as well as rebuild trust in both industry and regulatory agencies. Compliance should be more than a form to fill out or a box to check; it should be part of an overall approach that addresses the market’s increasing demands for improved product safety and transparency.
Compliance as a business strategy uses existing and new compliance requirements to go beyond minimal collection or reporting obligations. This approach not only provides the framework for ensuring transparent compliance processes, but effectively acts to address a market need. Such an approach can help keep a company out of trouble and help improve its competitive advantage.
Stephen E. Rothenberg, JD, is a business analyst for Numerof & Associates Inc. (St. Louis, MO). Michael N. Abrams is managing partner, and Rita Numerof, PhD, is president of the company.