The $3 trillion healthcare market has its lure.
By last year, 24 of the Fortune 50 companies had elbowed their way through healthcare’s front door.
Built around new, disruptive technologies, many new entrants are focused on the device side of the business. However, these new entrants must not overlook one critical element during the development cycle: the web of compliance requirements threaded throughout healthcare.
So far, these nontraditional healthcare companies developing medical products have primarily focused on innovative technology. The examples are numerous: Apple has launched a mobile health product capable of monitoring heart rate, Verizon introduced healthcare IT solutions connecting clinicians to their patients, and AT&T has launched mHealth, a platform for mobile application development.
However, as companies venture into deeper waters, they must become fluent in the alphabet soup of government regulatory bodies and industry standards entities that enforce compliance requirements in multiple phases of the product lifecycle. The AMA (American Medical Association); CMS (Centers for Medicare & Medicaid Services); FDA (Food and Drug Administration); as well as HHS’s OIG (Department of Health and Human Services Office of Inspector General) all have roles in R&D, development, launch and commercialization.
The laws and standards these entities enforce impact nearly all operations of the medtech industry, including commercial practices, development, medical affairs, testing, manufacturing, documentation, billing, reimbursement, risk assessment, traceability, practice ethics, patient rights, referral laws, interactions with doctors and government officials and more.
For companies whose core business is not heavily regulated, developing the infrastructure and culture of compliance can be especially daunting. But failing to proactively plan for and develop a compliance program doesn’t simply risk a company’s entrance into the healthcare space; it can jeopardize a new entrant’s larger organization if liabilities arise that can affect other business units.
Pause, if you will, before that dizzying array of rules and regs, but recognize that, somewhere out there, a potential competitor is already moving along the compliance pathway. Analysis of government filings by PwC’s Health Research Institute identified 24 digital health devices that were cleared by the FDA in just the first 10 months of 2014. So sitting back is no solution if you are committed to providing better offerings.
What should a new entrant do as it develops new products?
- Factor compliance risks into business structure;
- Make sure the compliance organization is scalable; and
- Know the universe of risks and regulations.
Factor compliance risks into business structure when developing a medical entity
We recommend both legal and physical separation of a medical business from non-medical lines through the creation of a separate business unit. This structure limits the exposure for nonhealthcare business units to healthcare-specific compliance risks.
Consider the case where the company is using the same manufacturing facility to manufacture medical as well as nonmedical products. In a worst-case scenario of noncompliance, were a regulatory agency to shut down a facility’s manufacturing, both the medical and nonmedical businesses housed there would be impacted.
In addition to minimizing risk, separation can protect nonmedical business lines by helping streamline operations and simplifying compliance requirements. For example, the separation of medical and nonmedical businesses makes it possible for healthcare-specific training to be mandated only for those working on medical products, instead of forcing the entire corporation through a training program regardless of an employee’s involvement with medical products. Other similar efficiencies may also be found in areas of R&D, manufacturing, sales and marketing.
Make sure your compliance structure is scalable, and comes with a robust oversight mechanism
A robust compliance organization is the single most important mechanism to manage compliance risks. Further, that organization must be scalable beyond the initial, startup nature of the business. Importantly, those growth needs must be considered at early phases of development.
One of the most effective compliance organization structures in PwC’s experience has a single executive in charge of compliance requirements reporting directly to the head of the medical business unit. This supports operational simplicity while outlining clear roles and responsibilities at the executive level.
This also provides an independent, internal evaluation of potential risk issues and minimizes conflicts of interest that could come from reporting to other departments. In this way, potential compliance issues can be raised to the proper level, and receive the proper attention, without being unduly influenced by financial or other business metrics.
Know the universe of risks and regulations applicable to your health business
New entrants need to thoroughly analyze applicable compliance risks and regulations. Some compliance requirements depend on product complexity while others depend on the target customer.
Here is a list of industry compliance standards and regulatory guidance that is a great place to start in order to develop a best-fit risk control framework:
- AMA Code of Medical Ethics Opinion 8.061 – Gifts to Physicians from Industry
- AdvaMed Code of Ethics on Interactions with Healthcare Professionals (revised 2009)
- Enforcement Lessons: Settlement Agreements
- Federal Sentencing Guidelines Chapter 8 Organizational Guidelines (revised 2004, 2010)
- HHS’s OIG Compliance Program Guidance for Medical Device Manufacturers
- Other HHS OIG Guidance: OIG WorkPlan, Advisory Opinions, Fraud & Alert Bulletins
- Sarbanes-Oxley Act of 2002; and
- 21 CFR Regulations: Part 11, 803, 806, & 820.
There are real ramifications of noncompliance. A failure in this regard can result in millions of dollars of direct losses as well as significant collateral damage to the company. Noncompliance may also impact the timeline for launching products, even costing companies their first-mover advantage.
At the end of the day, there is no one-size-fits-all solution to address all compliance challenges. Each company needs to determine what is best for them, grounding that decision on factors such as operational size, risk exposure and the type of products they will be introducing into the market.
The good news is that with the proper business structure, a scalable compliance organization, and knowledge of the risk landscape, compliance need not throttle a company’s innovation pipeline. Indeed, compliance protects the company, prevents destructive risk, and can provide competitive advantages.
--By James S. Varelis, Principal, PwC Health Industries, Pharmaceutical & Life Sciences sector