Managing Risk with Third Parties and Strategic Partners State Law Compliance The Overview November 8, 2007 Pharmaceutical Regulatory and Compliance Congress.

Managing Risk with Third Parties and Strategic Partners

State Law Compliance The Overview

November 8, 2007

Pharmaceutical Regulatory and Compliance Congress and Best Practices Forum

Managing Risk with Third Parties andStrategic Partners Track

Paul J. SilverManaging Director

Huron Consulting Group


I. State Reporting Regulatory Landscape

II. Who are “Third Party Vendors” and “Indirect Sources”?

III. Compliance Risks Associated with Third Party Vendors

a. Operational / business risks and considerations

b. Data risks and considerations State Reporting Responsibilities: Manufacturer vs. Vendor

IV. Risk Mitigation Considerations

Agenda


State Reporting Regulatory Landscape• Existing State Laws

– Minnesota passed the first marketing disclosure law in 1993. Between 2001 and 2005, similar laws were enacted in California, Maine, Nevada, Vermont, West Virginia, and the District of Columbia.

• Proposed Federal Legislation: – “Physician Payments Sunshine Act of 2007” (S. 2029)– Will require companies with $100 million or more in annual gross revenues to report

the name and address of the physician, any facility with which the physician is affiliated, the value and the date of the payment or gift, its purpose, and what, if anything, was received in exchange. Companies that fail to report the required information would be subject to penalties ranging from $10,000 to $100,000 for each violation.

• Pending State Legislation– In 2007, at least 14 states have pending bills that would require manufacturers to

report to the state's health department gifts and other expenditures. – Familiarizing personnel early in the process will reduce the risk of non-compliance and

training costs in the future


PendingEnacted

NV

Gift Disclosure Laws:ME, MN, VE, WV, and DC

• File a report identifying the value, nature, and purpose of any gift, fee, payment, subsidy, or any economic benefit greater than $25

Prohibition & Disclosure Law:MN

• Prohibits certain gifts over $50 to any one HCP per year

• Requires disclosure of compensationand reimbursements valued at more than $100

Comprehensive Compliance & Reporting Law:CA

• Establish annual, per-physician limits on gifts, promotional marketing materials and other items or activities

• Compliance with PhRMA Code and OIG GuidelinesNV

• Adopt a written marketing code of conduct, a training program, identify a compliance officer, conduct annual audits of compliance with the company's marketing code, and adopt policies for investigating non-compliance with the marketing code

Each state has taken its own unique approach to marketing disclosure and prohibition laws, while having various degrees of breadth and scope:

State Reporting Regulatory Landscape


PenaltiesState Reporting Regulatory Landscape

Potential injunctive relief, costs, and attorneys fees Media

scrutiny

Reputation / image defaming

Physician Payments Sunshine Act of 2007 (S. 2029): A civil monetary violation not less than $10,000 but not more than $100,000 for each violation.

State Penalty

DC A civil violation for which a fine of $1,000 plus costs and attorney's fees may be adjudged

ME May be enforced in a civil action brought by the Attorney General. Failure to provide a report as required results in a civil violation of a $1,000 fine plus costs and attorney's fees.

MN Any violators are considered guilty of a misdemeanor

VT A civil penalty of not more than $10,000 per violation and injunctive relief, costs, and attorneys fees . Each unlawful failure to disclose constitutes as separate violation.


Payments are sometimes made to HCPs on behalf of the company through third party vendors and “indirect sources”. Depending upon whom the payment is made, the company may be liable for reporting such expenditures:

• Third-Party Vendor Payments– Event planners (e.g. speaker program/training, advisory boards, etc.) – Co-promotion arrangements / partners– Consultants

• Co-Promotional Program Reporting Responsibilities– Pharmaceutical / medical device manufacturers

• Payments by Other (Internal) Divisions– Parent company– Subsidiary – Sister/operating companies– Functional departments within the same organization

• Global Organization– Reimbursing US HCPs for international programs

Who are Third Party Vendors & Indirect Sources?


• Number of Third Party Vendors Within the Organization – Tracking the number of third party vendors being engaged among the brands and functional

areas

• Detail of Payment Information Provided by Third Party Vendor– Every transaction must be identifiable and attributable to individual HCPs in order for

aggregation, tracking, and reporting (aggregate spend)– Capturing information including: value, nature, and purpose of each transaction– Segregation of expenditures by HCP

• Potential Non-Compliance with Reporting and Tracking– Exceed spending limits– Inappropriate allocations– Inaccurate aggregation of spend for one particular HCP

Operational / Business Risks and Considerations

Compliance Risks Associated with Third-Party Vendors


• Unique Identification of HCP Across Multiple Systems– Same name conundrum: (e.g. John Smith and John Smith Jr.)– Multiple addresses– Multiple group practice and affiliations– Multiple tax ID and other identifiers

• Capture and Identification of HCP Type– Physicians– Mid-Levels (NP, PA, RPh, etc.)– KOLs (non-prescribers)

• Orphan records– Varying versions of a name: (e.g. Robert Mayer MD vs. Rob Mayer)

Data Risks and Considerations

Compliance Risks Associated with Third-Party Vendors


Compliance with sales & marketing payment disclosure and spending limitation requires actions by both the manufacturer as well as the vendor:

• Manufacturer Responsibilities and Possible Risks:– Collecting and compiling required information – Approving payments – Review for hidden payments and expenses– Data security and protection of proprietary information– Record retention and documentation – Vendor training on organizational reporting obligations

• Third Party Vendor Responsibilities and Possible Risks:– Compliance with organization’s state reporting policies– Read and certify compliance with standard operating procedures – Provide information at the appropriate level of detail

State Reporting Responsibilities: Manufacturer vs. Vendor


Risk Mitigation Considerations• Standard Operating Procedures

– Provide gift and business expenditure and state reporting SOPs to vendors– Request certification of receipt and comprehension of SOPs

• Education– Provide training to vendors regarding state reporting obligations

• Co-Promotion Contract Terms and Conditions– Clear definition of reporting responsibilities in contract terms

• Monitor and Audit– Inventory all agreements and services being provided by multiple vendors– Designate one individual within the company to oversee TPV processes (e.g. purchasing/procurement or contracting

group)– Independent audit of third-party vendor contracts

• Standard Data Formats– Required data fields– Common data format

• Policies and Procedures – Standard policies and procedures for reporting and tracking payments made to HCPs by other divisions and/or the global

organization

• Disciplinary Action for Non-Compliance– Policies for non-compliance with third party vendor


Questions?

Paul J. SilverManaging DirectorHuron Consulting Group

(678) 672-6160 Atlanta Office(646) 520-0200 New York [email protected]

Managing Risk with Third Parties and Strategic Partners

Operational Aspect of Managing Third Party Vendors

November 8, 2007



Bill FitzgeraldDirector Global Compliance

Alcon Laboratories, Inc.

Elizabeth LewisVice President Commercial LawMillennium Pharmaceuticals, Inc.


Defining Third Party Vendor Types

Event Planners (e.g. speaker program/training, advisory boards, etc.)

Co-promotion Arrangements / Partners

Consultants

Internal Vendors (e.g. global, business units, etc.)


Identification / Inventory of Third Party Vendors Across Organization

Business Inventory (sales, force, home office, MSLs, clinical, PR, etc.)

Data Inventory (systems, software, spreadsheets where data resides)


Collecting and Compiling Required Information

Development of standard data formats for third party vendors

Managing Risk with Third Parties and

Strategic Partners Track

State ReportingData Management, Risks, &

Considerations

November 8, 2007

Bill BuzzeoVice President & General Manager

Cegedim Dendrite Compliance Solutions





Third Party Vendor Data



Data Submissions

• Secure access, authorization and authentication• Process and automated business rules to insure all 3Ps

are submitted• Partner / Vendor management reporting



Level of Detail

• Transaction and summary level• Dashboards• Graphics for decision support



Data Completeness

• Customer Master• Product Master• Data enrichment



Data Accuracy

• Data cleansing• Data validation• Data warehousing



Data Formats

• Industry standards: XML, EDI, Microsoft Office documents

• Others?



Certifications / Compliance

• 21 CFR Part 11• ISO 9000• CMM• ITIL• IEEE



Rights to Data

• Intellectual Property • Public knowledge• Trade Secrets• Residual Rights for people that know longer work with

this data

Managing Risk with Third Parties and Strategic Partners State Law Compliance The Overview November 8, 2007 Pharmaceutical Regulatory and Compliance Congress.

Documents