General Context and Background of Healthcare Compliance

Pharmaceutical and medical device companies (collectively, 'Healthcare Companies') fulfill a critical role in facilitating public health. The quality of their products and services directly impacts the safety of patients and the public at large. Therefore, governments and industry associations worldwide are particularly, and understandably, focused on whether Healthcare Companies comply with applicable ethical, legal, and professional standards. While the specific legal requirements may vary by jurisdiction, at their core, the standards for preventing and combatting illegal practices in the healthcare industry increasingly converge across borders.

To ensure compliance with relevant rules and regulations, Healthcare Companies need to establish a culture of compliance that is embraced throughout the organization, originating from a strong compliance-friendly tone-at-the-top and reinforced by regular compliance messaging and training. In addition, companies should put in place clear and sufficiently detailed compliance policies that address the compliance risks typically faced by employees, including effective monitoring of compliance risk areas as well as appropriate remediation and disciplinary mechanisms to address violations. To limit risk exposure and potential liability for third-party misconduct, it is further essential that companies establish suitable policies and processes for conducting risk-based due diligence of their business partners and any third-party Intermediaries (TPIs) engaged in the course of their operations.

This paper focuses on the key compliance challenges that Healthcare Companies face in promoting and selling their products, as well as in organizing non-promotional events with or for healthcare practitioners (HCPs), and proposes ways to address such challenges. Notably, legal risks are even further elevated in jurisdictions where HCPs are employed by government-owned hospitals or other government-owned or -controlled healthcare facilities, due to potentially applicable anti-bribery statutes that apply across borders (e.g. the U.S. Foreign Corrupt Practices Act (FCPA)).

Key Compliance Risk Categories for Healthcare Companies


We have identified four key compliance risk areas that Healthcare Companies typically face, each of which is addressed in detail in this paper. In all such areas, the primary compliance risk arises from employees of Healthcare Companies providing items of value to HCPs and/or government representatives (or their respective family members), directly or through third parties, as a way to influence pending or future decisions, or reward prior decisions. The underlying reasons for this behavior range from influencing prescription or purchasing behavior in the case of HCPs and hospitals, to granting product approvals or licenses in the case of government officials. Global regulators recognize that such improper value transfers do not always occur in the form of outright cash payments, but in many cases occur through non-monetary or indirect avenues (e.g. inappropriate or excessive travel and entertainment, employment opportunities, prestigious speaker or publication opportunities, or improper grants and donations to foundations associated with customers or government officials, etc.).

Interactions with HCPs

Interactions with HCPs are essential for Healthcare Companies to promote their research, products (drugs and other products), or solutions (e.g. devices or technology) to HCPs and, ultimately, patients and the broader consumer market. These interactions lead to increased awareness among HCPs with respect to developments in the medical field and the ability of the Healthcare Companies' products to meet patient needs. There are numerous avenues through which Healthcare Companies seek to engage with HCPs. These include, for example, sales representatives visiting hospitals to meet with HCPs to discuss the company's products and medical developments; inviting HCPs to attend company-sponsored scientific conferences organized by healthcare organizations, either as speakers or observers; hospital talks or other standalone events organized by the Healthcare Companies; seeking professional advisory services from HCPs; organizing patient support programs with HCPs; and providing samples to help HCPs become more familiar with the company's products. While these interactions are integral to the business operations of Healthcare Companies, they come with an inherent risk of influencing HCPs to prescribe or purchase a company's products.

Interactions with Third Parties

The growing complexity and scale of the pharmaceutical and medical devices industry have resulted in Healthcare Companies increasingly relying on third-party service providers in various strategic areas of operations. These may include, for example, distributors, dealers, and/or agents for the supply, storage, and distribution of products; third parties (e.g. lobbyists) engaged to liaise with relevant regulatory authorities; or event organizers, travel agents, and other logistics providers that assist in organizing congresses and other medical events with HCPs. The degree of risks posed by such third parties is high because they are acting for and on behalf of Healthcare Companies, yet Healthcare Companies may not have full visibility into, let alone control of, a service provider's behavior during the period of engagement. This creates inherent risks that third parties may either intentionally or inadvertently serve as conduits for improper transfers of value to HCPs.

Interactions with Government

In most jurisdictions, the pharmaceutical, medical devices, diagnostics, and med-tech industries are heavily regulated to ensure that end-users are protected from harmful products, as well as to encourage the development and production of new healthcare products and solutions. As a result, Healthcare Companies are expected to, and in many cases required to, interact with government officials at various levels and across various agencies. This may include interactions, for example, relating to the approval and/or licensing of drugs and medical equipment, product certifications concerning the efficacy and efficiency of drugs, public tenders for the supply of products to governments, and product pricing. Each and every interaction with a government official, agency, or authority presents an opportunity for bribery and corruption, particularly when it involves approvals and grants, which is a mainstay in the healthcare industry. Furthermore, in countries where HCPs are employed by government-owned or -controlled hospitals or other healthcare facilities, as in with many emerging markets, interactions with such HCPs may qualify as government interactions according to certain anti-bribery and anti-corruption regimes, as, in particular, the U.S. FCPA.

Other Areas of Compliance Risks

There are various areas that commonly give rise to compliance risks for companies globally, and Healthcare Companies that function in a sales-driven and highly regulated industry are no exception. These risks often arise based on the company's internal operations and its business model. Examples include employee conflicts of interests with respect to third party suppliers or vendors, fraudulent or excessive employee reimbursement claims, inaccurate or incomplete accounting for expenses, or channel-stuffing practices (i.e. selling more goods than needed to distributors and customers to artificially boost reported sales). These practices may not only cause economic loss to the company, but they pose potential legal liability risks (e.g. under the books and records provision of the U.S. FCPA for misrepresenting the company's accounts).

To view the full article click here

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.