Responsible Executive

2012 In The Line Of Fire

Risky Business?

Haunting Prose

2012 In The Line Of Fire Recent FCPA Enforcement Efforts In The Pharmaceutical /

Medical Device Industry And The Importance Of An

Effective Compliance Program

Risky Business?

Assessing Risks with A Risk Assessment Checklist

Responsible Executive Enhanced Compliance Efforts Encouraged To Avoid

“Responsible Executive” Liability

Haunting Prose Ghostwriting and

Transparency in

Pharmaceutical

and Medical

Device Publications

MEDICAL DEVICE

COMPLIANCE|Solutions BUTLER SNOW

Spring, 2012

T he personal stakes for healthcare executives and members of Boards of Directors have never been

higher, requiring many now to consider a previously unthinkable question: “What objective evidence exists to demonstrate my intention to lead this company in an ethical and compliant manner?” And even more unthinkable, “If documentation of my due diligence and ethical intention is available, will it protect me if company wrongdoing is, nevertheless, detected?” These questions would have seemed unnecessary and perhaps even absurd to healthcare executives in the past. Healthcare executives believed that their intent to act ethically was presumed, absent evidence to the contrary. Regrettably,

executives must now prepare for the aggressive re-emergence of a strict-liability standard that targets corporate officers for the non-compliant actions of their companies.

In 1975, the U.S. Supreme Court in United States v. Park, attributed criminal responsibility to corporate officers for public welfare-based crimes without any evidence that they may have been aware of, or participated in, the underlying conduct.2 This theory of liability is frequently referenced as the “responsible corporate officer doctrine” or “Park Doctrine.” Although it seems unfair, and perhaps unconstitutional, the Park Doctrine and subsequent actions of government agencies have abandoned the

conventional requirement of knowledge or participation in improper behavior to support a criminal claim. Instead, the courts are applying a much more ambiguous standard that focuses on whether the corporate officer had the power to prevent the improper behavior but failed to do so.3

While the Park Doctrine was penned in 1975, actual use of the doctrine in healthcare prosecution has been limited. Unfortunately, indications are that its use will increase dramatically. The FDA recently updated its Regulatory Procedures Manual to include “Special Procedures and Considerations for Park Doctrine Prosecutions,” to state “that a responsible corporate official can be held liable for

Enhanced Compliance Efforts Encouraged to Avoid “Responsible Executive” Liability

ResponsibleExecutive

COMPLIANCE|Solutions 7

“I’ll get you, my pretty, and your little dog too!” — Wicked Witch of the West

“OIG has the authority to exclude every officer and managing employee of a sanctioned entity.” — OIG1

a first time misdemeanor (and possible subsequent felony) under the Federal Food, Drug, and Cosmetic Act without proof that the corporate official acted with intent or even negligence, and even if such corporate official did not have any actual knowledge of, or participation in, the specific offense.”4

That statement certainly begs the question: How can there be a criminal prosecution without any knowledge that action is considered criminal? A strict liability standard this high might send even the most diligent healthcare executive scrambling to review the definition section of the Park Doctrine to determine if he or she is included in the group of individuals subject to this strict liability standard. But neither the Courts nor enforcement agencies have defined “responsible corporate officer” or set forth the standards by which to judge the conduct of responsible corporate officers. Executive anxiety might be further increased by thirty-two additional fraud fighting provisions in the Healthcare Reform Law. Undeniably, the personal stakes for healthcare executives have never been higher.

Beyond the threat of criminal penalties, a misdemeanor Park Doctrine conviction can lead to exclusion of the executive (and

the company) from federally-funded health care programs, effectively ending the career of a healthcare executive. The FDA and the OIG, under intense Congressional and public pressure, are expanding the use of their “debarment” and “exclusion” authorities in the post-plea sentencing phase of Park Doctrine misdemeanors.5 Governmental enforcement agencies believe that, without fear of personal sanctions, corporate officers are encouraged to ignore improper actions or defective processes in pursuit of corporate and personal gain. Stating its concern that major corporations “may consider civil

penalties and criminal fines a cost of doing business,” the OIG plans to “alter the cost-benefit calculus of the corporate executives who run these companies” by “excluding” individuals who are responsible for the fraud, either intentionally or merely because of their positions in a company that engaged in fraud.6

While companies frequently enter into settlement agreements that avoid exclusion from federal healthcare programs, the OIG will not discuss whether it will exercise its exclusion authority with an individual prior to a plea being entered. Therefore, unlike the company for which he works, an executive may not have the opportunity to consider whether he will be excluded from participation in federally funded healthcare programs at the time he considers whether to accept a misdemeanor charge to settle an allegation. These dynamics can put the interest of the company and the executive at odds.

Risks for the executive are further increased because the entire permissive exclusion process between the OIG and an executive is a paper process. The potentially excluded executive is afforded no opportunity to address personally those with the power to end his career. If exclusion does occur, the

appeal process seems equally draconian in that there is no independent review of the OIG’s decision. The only appealable issue is whether the OIG had exclusion authority in the particular case; the merits of the exclusion are not appealable.

Fortunately, despite the stated strict liability standard, Park Doctrine prosecutions have primarily been advanced against executives who had knowledge of and ignored warning signs of violations. If this trend continues, executives should take advantage of opportunities to protect not only the companies they represent, but

themselves. On this issue, the interests of the entity and the executive are completely aligned. By now, all prudent healthcare entities have adopted a corporate compliance program that includes policies, training, reporting mechanisms and the other essential elements of an effective compliance program, as defined by the OIG. But new emphasis will be placed on whether the compliance program is “effective” and how a determination of “effectiveness” is made. Executives must be diligent in supporting the company’s compliance program through appropriate budgeting for monitoring the compliance activities, appropriate oversight of the activities, and exemplary tone-at-the-top. In the Park case, the Supreme Court ruled that corporate officers have “a positive duty to seek out and remedy violations when they occur but also, and primarily, a duty to implement measures that will insure that violations will not occur.”7 Internal monitoring and auditing of high risk areas, corporate compliance policies and processes should be the expected due diligence to meet this standard. Executives can further demonstrate their commitment to an effective compliance program and avoid challenges of bias or conflict of interest by

engaging independent external auditing and assessments to help independently verify the effectiveness of the compliance efforts. In a recent Corporate Integrity Agreement, the OIG actually required the sanctioned company to hire an independent compliance consultant that reports to the Board of Directors.8 In this enforcement environment, many Compliance Officers and Boards of Directors are voluntarily engaging independent compliance advisors to gain specialized advice and a non-biased assessment of their compliance programs and processes.

There are many steps that you can be taking that would put your organization in a better position for the day we do come knocking, or that could prevent us from coming at all.

— Lanny A. Breuer, Assistant Attorney General11

8 COMPLIANCE|Solutions

While the industry has refocused on the assessment of an effective compliance program, these concepts have been previously brought to the attention of healthcare leadership by both the OIG and the Federal Sentencing Guidelines. The OIG’s 2005 Supplemental Guidance for Hospital Compliance Programs focused on the roles of corporate leadership and the need for regular self-assessment and ongoing enhancements of the organization’s compliance program. The 2004 sentencing guidelines stated that “high-level personnel” should “ensure that the organization has an effective compliance and ethics program.”9 The 2010 Federal Sentencing Guidelines Manual provides, “Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.”10 The assessment is sometimes referred to as the unofficial “eighth element” of an effective compliance program.

Therefore, given the need for a defensible assessment of the effectiveness

of the compliance program, a company’s strategy and increased resource allocation for monitoring and auditing activities should include both a short term and long term approach. Short term monitoring and auditing needs may be met with manual processes or existing systems, but a long term strategy to develop more efficient audit informatics to support the auditing and monitoring process should also be deployed so that compliance processes do not over-burden business operations. Appropriately developed audit informatics can also reduce the volume of external auditing resources needed, although, as noted, some level of external assessment and verification of the effectiveness of the company’s compliance efforts is recommended to provide independent validation of the intention and due care taken by both the executive and the company. The long term auditing plan should be developed by a multidisciplinary team that spends considerable time understanding the current information collected by the company and gaps in current information collected, as well as the best methods to build controls into current processes and automate the audit processes, when possible. For companies who have not previously invested considerable time and resources on this process, building the ultimate efficient and effective auditing system may be a multi-year project, but intermediate audit improvement strategies should begin immediately to provide protection for the company and its responsible executives.

With increased liability for healthcare executives, documentation of the effectiveness of compliance efforts should be a top priority. While no compliance program can prevent all illegal conduct, deployment of an effective program should reduce not only the possibility of compliance violations, but also the possibility of government enforcement agencies imposing a Park Doctrine strict liability standard against the responsible executive if a violation does occur.

1 U.S. Department of Health & Human Services, Office of the Inspector General, Guidance for Implementing Permissive Exclusion Authority Under Section 1128(b)(15) of the Social Security Act, http://oig.hhs.gov/exclusions/advisories.asp (last visited Apr. 4, 2012).

2 United States v. Park, 421 U.S. 658 (1975).3 In October 2010, OIG released its “Guidance for

Implementing Permissive Exclusion Authority Under Section 1128(b)(15) of the Social Security Act” which provides for permissive exclusion of corporate officers or managing employees “based solely on their position within the entity.” See OIG Guidance, fn. 1, supra, at 1. However, if the individual can demonstrate either that preventing the misconduct was impossible or that the individual exercised extraordinary care but still could not prevent the conduct, OIG may consider this as a factor weighing against exclusion. See id. at 4.

4 FDA Regulatory Procedures Manual (RPM) Section 6-5-3, http://www.fda.gov/ICECI/ComplianceManuals/Regulator yProceduresManual/ucm2005380.htm, amended Jan. 26, 2011 (last visited Apr. 4, 2012).

5 Lewis Morris, Former Chief Counsel to the Inspector General, U.S. Department of Health & Human Services, Testimony before the Subcommittee on Oversight of the United States House Ways & Means Committee on Improving Efforts to Combat Health Care Fraud (Mar. 2, 2011), http://oig.hhs.gov/newsroom/testimony-and-speeches/index.asp (last visited Apr. 4, 2012).

6 Id. at 3.7 Park, 421 U.S. at 672 (emphasis added).8 CIA requirements frequently evolve into industry

“best practices” since they provide insight into the factors that the enforcement agencies believe contribute to the effectiveness of compliance efforts.

9 U.S. SENTENCING GUIDELINES MANUAL § 8B2.1(b)(2)(B).

10 Id. § 8B2.1.(b)(2)(C).11 Lanny A. Breuer, Asst. Atty. Gen., Address to the 24th

National Conference on the Foreign Corrupt Practices Act (November 16, 2010), http://www.justice.gov/criminal/pr/speeches/2010/crm-speech-101116.html (last visited Apr. 4, 2012).

Written by Denise D. Burke &Machelle D. Shields*

Denise Burke and Machelle Shields currently serve as members of the Federal Monitor team that is led by Butler Snow attorney, James B. Tucker, that is currently monitoring compliance with the Deferred Prosecution Agreement between Wright Medical Technology, Inc. and the United States Attorney’s Office for the District of New Jersey.

COMPLIANCE|Solutions 9